Security and permissions
Posted: Mon Mar 06, 2017 3:23 am
Hi Timur, would you mind letting us know a little on how you suggest implementing RULES in terms of permissions and security? I noticed that RULES creates 777 files and directories, for instance when asking it to do a walk or make thumbnails (I guess it's actually user render that creates the .rules folder).
I've been experimenting with having RULES run by http user, and then users and render groups with various permission settings. I'd like to get to a point where there is some security in various folders, for instance, the .rules folders were only removable by certain users. Once a project has been running for awhile, they can hold quite vital data which would be bad to loose (comments, briefs etc).
Would be interested in hearing how you deal with this. I'm hesitant adding ACL or another more fine-grained permission layer on the file-system.
Cheers,
Peter.
I've been experimenting with having RULES run by http user, and then users and render groups with various permission settings. I'd like to get to a point where there is some security in various folders, for instance, the .rules folders were only removable by certain users. Once a project has been running for awhile, they can hold quite vital data which would be bad to loose (comments, briefs etc).
Would be interested in hearing how you deal with this. I'm hesitant adding ACL or another more fine-grained permission layer on the file-system.
Cheers,
Peter.