less permissive volume sharing
-
wrote on May 10, 2024, 7:48 PM last edited by
In the docs, it says to chmod 777 any volume you want shared between various apps.
Is there an easy way to be more restrictive about this? What if I only want two apps to have access, and don't want every local machine user to?
-
wrote on May 10, 2024, 8:17 PM last edited by
I see at the bottom of the page https://docs.cloudron.io/volumes/#sharing there are instructions to share with all users of the media group. Is the chmod 777 really still necessary when doing that? And if I want to be specific about which apps have access, then do I create a new group, add the run-as users to it, and then follow the same instructions for media but with my new group?
-
It uses Linux permissions. I'd expect that chown'ing the folder(s) in question to yellowtent would be enough - otherwise there isn't much that can be done via cloudron for the volumes. Restrict the folder to the yellowtent user and group (Cloudron's user) and I think that'll be enough - but it won't restrict per-app.
-
wrote on May 11, 2024, 12:05 AM last edited by
@murgero Thank you. That's what I was thinking. But it wasn't the case. Apps can't write to a directory owned by yellowtent.
-
@Recliner2042 oh, does it have to be root? I don't use the shared volumes currently so I wasn't 100% sure, just working off basic Linux knowledge
-
wrote on May 11, 2024, 9:15 PM last edited by Recliner2042 May 11, 2024, 9:15 PM
@murgero I'm pretty sure you have to create a group, place each run-as app-user into that group, and then make the group own the directory. But I'm not an expert at this stuff.
-
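The group-based approach from the reply above (create a group, add each app's run-as user, make the group own the directory), written out as an added example; it is not code from the thread or from the Cloudron docs. The group name `volshare`, the path and the user names are placeholders, and mode `2770` is this example's choice for "group only" in place of `777`.

```sh
#!/bin/sh
# Added example. Group name, path and user names are placeholders.

# Replace world access with access for one group. Needs root.
# usage: restrict_volume DIR GROUP USER...
restrict_volume() {
  local dir="$1" group="$2" user
  shift 2
  getent group "$group" >/dev/null || groupadd "$group"
  for user in "$@"; do
    usermod -aG "$group" "$user"   # -a appends; the user's other groups stay
  done
  chgrp -R "$group" "$dir"
  # 2770 = rwx for owner and group, nothing for others, plus setgid so
  # files created inside inherit the group. With no "other" bits on the
  # top directory, nothing below it is reachable by other local users.
  chmod 2770 "$dir"
}

# Check that DIR is limited to its group. Returns 0 when it is,
# 1 when a check fails, 2 when DIR cannot be read.
# usage: audit_volume DIR [EXPECTED_GROUP]
audit_volume() {
  local dir="$1" want="${2:-}" mode group bits rc=0
  mode=$(stat -c '%a' "$dir") || return 2
  group=$(stat -c '%G' "$dir") || return 2
  bits=$((0$mode))   # stat prints octal digits; the leading 0 keeps them octal
  if [ $((bits & 0007)) -ne 0 ]; then
    echo "FAIL $dir: mode $mode grants access to all local users"; rc=1
  fi
  if [ $((bits & 0070)) -ne $((0070)) ]; then
    echo "FAIL $dir: group lacks rwx (mode $mode)"; rc=1
  fi
  if [ $((bits & 02000)) -eq 0 ]; then
    echo "FAIL $dir: setgid not set, new files keep the creator's group"; rc=1
  fi
  if [ -n "$want" ] && [ "$group" != "$want" ]; then
    echo "FAIL $dir: group is $group, expected $want"; rc=1
  fi
  [ "$rc" -eq 0 ] && echo "OK $dir: mode $mode, group $group"
  return "$rc"
}

# Example (as root): restrict_volume /mnt/shared volshare appuser1 appuser2
#                    audit_volume /mnt/shared volshare
```

Processes that are already running keep their old group list, so they only gain access to the directory after a restart following `usermod`.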
-
wrote on May 26, 2024, 10:04 PM last edited by
@girish did you mark this solved because I got it right in my last post?
-
@Recliner2042 yes, sorry, I thought the problem was solved. Is that not the case?
-
wrote on May 27, 2024, 6:18 PM last edited by
@girish Well, it wasn't exactly a problem. I was just asking an important question, and wanted a confirmation that I guessed the right answer.