Generally I use BloGTK via XML-RPC to post here. Sometimes I want to ssh in and hand edit files as well. Occasionally I want to hand create entries and maybe even edit via BloGTK. Either way, permissions become a pain in the ass. Apache runs as user
$APACHEU and group
$APACHEV (I'm using shell variables rather than revealing the actual names out of bootless paranoia). When I log in, I'm user
$UCHE in group
$OGBUJIS. Here is the rather brute way I solved part of the problem.
I set the SGID bit on all the directories to which I expect files written through pyblosxom.cgi:
chmod g+s $DATADIR chmod g+s $DATADIR/metadata chmod g+s $DATADIR/comments
I made sure the group of each was
$OGBUJIS, of course. So now whenever a new file is created through XML-RPC or some other plug-in, it's created with group
$OGBUJIS, and I can happily ssh in to edit as
This doesn't solve the converse problem of using CGI to edit files I created by hand, but this is rare enough that i just log in as root and use chown to sort things out.
Does anyone else have a better way? I thought of Apache suexec, but my past experiences with it have been nightmares of impenetrable detail.