With the permissions, you do the following:
- Create a group where apache and the cacti polling user belong to.
- Change the ownership of the rra directory so that the group has read+write access to it
- Follow the Answer from this post to make the group permission "sticky": Getting new files to inherit group permissions on Linux
Now even if apache creates the folder, the cacti polling user should have write access to it.
It just came to my mind setfacl
actually to apply an ACL on the folder to allow the group members to read AND write files created in the folder by other user in the same group then this should be enough:
setfacl -d -m g::rw /var/www/html/cacti/rra
then there are two options I think
- cactiuser and apache are members of each other's group (apache groups: apache cactiuser ---- cactiuser groups: cactiuser apache)
- use group permission "sticky" on the folder (owned by cactiuser.apache) and make cactiuser a member of apache as well
Personally I prefer the first option, as I noticed that by using BOOST
the user who creates the RRD files is the "apache" user, while not using BOOST
the user creating the files is the one running the poller (commonly for me "cactiuser").
If you have any thought about it, or if I got it all wrong, just let me know.