Issue
I am using mod_wsgi which has the ability to dynamically reload my run.wsgi script when there's a change. My app has many files, but only run.wsgi is monitored for changes. Docs recommend to just 'touch' run.wsgi when any app files change - which does work well.
The problem I'm having is that my application is in a different (dedicated) user directory than my site's document root (for safety), and in certain circumstances, I need the user that owns the site to be able to 'touch' the run.wsgi file in the other user's directory (to force a reload of the app). And site-user can't:
touch -m /home/app-user/app/run.wsgi
touch: setting times of ‘/home/app-user/app/run.wsgi’: Operation not permitted
I've already created a "common" group and updated permissions as such:
usermod -a -G commongrp site-user
usermod -a -G commongrp app-user
chgrp commongrp run.wsgi
chmod 770 run.wsgi
site-user is able to actually modify the wsgi file, but I don't want to do that. I just want to kind of "fake" a modification of the file without actually modifying it. Is there a safe way to do this with Linux permissions, or is there a better way to do this?
Solution
I would suggest you use sudo to allow the site-user to run touch as the app-user. Edit your sudoers file with visudo and create an entry like this:
site-user ALL=(app-user) NOPASSWD: /usr/bin/touch
Then run it as app-user whenever you want with sudo:
site-user$ sudo -u app-user /usr/bin/touch -m /home/app-user/app/run.wsgi
Answered By - micah94
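
A sudoers rule that lists a command without arguments lets the invoking user pass any arguments, so the rule above permits site-user to run touch as app-user on any path; sudoers also accepts a rule with the arguments fixed. The following is an added example, not part of the original answer: it flags argument-less rules in a constructed sample and shows the same rule pinned to the one invocation used above (the function names and the pinned rule are illustrative, and only simple single-command rules are handled).

```shell
#!/bin/sh
# Added example, not from the original answer. Handles only simple rules of
# the form: user host=(runas) [TAG:] /path/to/cmd [args]

# Constructed sample: the rule from the answer, then a pinned variant of it.
SAMPLE_RULES='site-user ALL=(app-user) NOPASSWD: /usr/bin/touch
site-user ALL=(app-user) NOPASSWD: /usr/bin/touch -m /home/app-user/app/run.wsgi'

# classify_rule LINE
#   open   - command listed without arguments (sudo accepts any arguments)
#   pinned - arguments are fixed in the rule (or "" forbids arguments)
#   skip   - comment, blank line, Defaults/alias line, or not a user rule
classify_rule() {
    case $1 in
        ''|'#'*|Defaults*|*_Alias*) echo skip; return 0 ;;
        *=*) ;;
        *) echo skip; return 0 ;;
    esac
    # Keep the text after '=', then drop the (runas) spec, tags, and padding.
    spec=$(printf '%s\n' "${1#*=}" | tr '\t' ' ' |
        sed -E 's/^ *(\([^)]*\))? *([A-Z_]+: *)*//; s/ +$//')
    case $spec in
        ALL) echo open ;;
        /*)
            cmd=${spec%% *}
            if [ "$spec" = "$cmd" ]; then echo open; else echo pinned; fi ;;
        *) echo skip ;;
    esac
}

# list_open_rules: read rules on stdin, print those classified as open.
list_open_rules() {
    while IFS= read -r rule; do
        [ "$(classify_rule "$rule")" = open ] && printf '%s\n' "$rule"
    done
    return 0
}

# Audit the constructed sample; only the argument-less rule is printed.
printf '%s\n' "$SAMPLE_RULES" | list_open_rules
```

With the pinned rule, sudo accepts only the exact command line `sudo -u app-user /usr/bin/touch -m /home/app-user/app/run.wsgi`; a drop-in file containing it can be syntax-checked with `visudo -cf` before it is installed.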