less permissive volume sharing
-
In the docs, it says to chmod 777 any volume you want shared between various apps.
Is there an easy way to be more restrictive about this? What if I only want two apps to have access, and don't want every local machine user to?
-
I see at the bottom of the page https://docs.cloudron.io/volumes/#sharing there are instructions to share with all users of the media group. Is the chmod 777 really still necessary when doing that? And if I want to be specific about which apps have access, then do I create a new group, add the run-as users to it, and then follow the same instructions for media but with my new group?
-
It uses linux permissions, I'd expect that chown'ing the folder(s) in question to yellowtent would be enough - otherwise there isn't much that can be done via cloudron for the volumes. Restrict the folder to the yellowtent user and group (Cloudron's user) and I think that'll be enough - but it wont restrict per-app.
-
It uses linux permissions, I'd expect that chown'ing the folder(s) in question to yellowtent would be enough - otherwise there isn't much that can be done via cloudron for the volumes. Restrict the folder to the yellowtent user and group (Cloudron's user) and I think that'll be enough - but it wont restrict per-app.
-
@murgero Thank you. That's what I was thinking. But it wasn't the case. Apps can't write to a directory owned by yellowtent.
-
@Recliner2042 oh, does it have to be root? I don't use the shared volumes currently so I wasn't 100% sure, just working of basic Linux Knowledge
@murgero I'm pretty sure you have to create a group, place each run-as app-user into that group, and then make the group own the directory. But I'm not an expert at this stuff.
-
G girish has marked this topic as solved on
-
@girish did you mark this solved because I got it right in my last post?
-
@Recliner2042 yes, sorry, I thought the problem was solved. Is that not the case?
@girish Well, it wasn't exactly a problem. I was just asking an important question, and wanted a confirmation that I guessed the right answer.
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better 💗
Register Login