On Thursday 29 Sep 2011 07:57:49 Jonas de Buhr wrote:
> >> The problem with that is he will need to test his code in the working
> >> system.
> Why in the production system?
> >> I need a way for him to be able to read/write to a certain
> >> file or files within the working system, but have no read/write
> >> access to any other files in the system.
> >> Is SFTP perhaps the way to go for this?
> >> - Grant
> > For some reason I thought SFTP would provide access control but now
> > I'm thinking it's just like SSH in that access control is based on
> > file ownership and permissions?
> > If that's the case, can anyone think
> > of a better way to control remote access to my files than chmod/chown?
> Someone already did.
> > I think it would be nice if the access control were built into the
> > transport mechanism, version control system, or something else already
> > in use, but it doesn't sound like that's going to happen.
> It's certainly possible to control the write access with ACLs. Read
> access however is a different story because as soon as his code runs in
> the context of the webrowser he will likely be able to read the rest of
> the code.
I'm not sure if you are overcomplicating this by trying to use Unix
permissions. Have you instead considered WebDAV? You can restrict this to
particular (Apache) users/groups, directories, files. It also uses lockfiles,
so two users editing a file simultaneously will cause a warning when you
try to save it.
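
An added example, not part of the original message: one way the WebDAV suggestion above could look in Apache httpd configuration, limiting a single authenticated user to one directory. The paths, the `/edit` URL, and the user name `contractor` are assumptions; mod_dav, mod_dav_fs, mod_auth_basic and mod_ssl are assumed to be loaded.

```apache
# Lock database used by mod_dav_fs for WebDAV locks (the "lockfiles" mentioned
# above). The directory must be writable by the user Apache runs as.
# Path is an assumption.
DavLockDB /var/lib/apache2/dav/lockdb

# Expose only the directory the developer may edit, under a separate URL.
# Both paths are hypothetical.
Alias /edit /var/www/site/modules/contractor

<Directory /var/www/site/modules/contractor>
    # Enable WebDAV for this directory only; nothing else on the site is
    # reachable through DAV methods.
    Dav On

    # Return files as plain text on this URL, so a GET through /edit yields
    # the source for editing instead of running it.
    ForceType text/plain

    # Ignore any .htaccess uploaded into the directory and disable
    # indexes, includes and CGI here.
    AllowOverride None
    Options None

    # Basic auth sends the password with every request, so require TLS.
    SSLRequireSSL
    AuthType Basic
    AuthName "Contractor edit area"
    # Created with htpasswd and kept outside the document root (assumed path).
    AuthUserFile /etc/apache2/dav.htpasswd

    # Only this one account may read or write via /edit.
    Require user contractor
</Directory>
```

Files written through WebDAV are created by the Apache process user, so the directory must be writable by that user and by no broader group than necessary. This controls what the developer can upload or fetch over DAV; it does not change what his code can read once the web server executes it, which is the point raised in the quoted reply.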