Combined network- / webshare: file ownership and permissions

Question

I'm using a combination of pyd.io and netatalk to have my remote storage available at home and from anywhere. So far (reading) everything works fine, but now — while trying to upload something for the first time — I have a problem that causes me a headache.

The directory /mnt/data is shared via afpd (netatalk) to as normal user pi (yes, I started with a Raspberry). Thus, file ownership is pi:pi, permissions 755. Works great: I can read and write locally and from a mac via netatalk.

The same directory is shared via pyd.io via apache2. Reading works perfectly, however, writing does not, as apache runs under user www-data:www-data. If I chmod to 777for test purposes, new files are created under www-data:www-data ownership (of course). But, they are then not writable for user pi via netatalk.

I really don't know how to solve this issue, since combining the two (running apache under pi or similar) seems to be very insecure.

Answer 1

I solved it with the following steps:

1. Create new group (in my case shared-data)
2. Add www-dataand pi to the group
3. Change permissions for the shared folder to 664
4. Make permissions for new folders the same chflags g+s -R /path
5. Make permissions for new files the same with setacl
6. Make pyd.io create new files and folders with 664
7. Edit netatalk share(s) in /usr/local/etc/afp.conf: Add file perm = 0664and directory perm = 0664
8. Restart apache and netatalk