Hello,

Is there a 'correct' way to set permissions on /var/www/example.com such that I can have a specific user write to that folder, and have apache use it for the Virtual Host example.com? I am running Apache 2.2 on Debian 5 (Lenny).

While searching for a solution, the only relevant result I've found is <http://serverfault.com/questions/6895/whats-the-best-way-of-handling-permissions-for-apache2s-user-www-data-in-var> but that is from 2009 and I don't know if there's a better way now.

Here's a summary of what I've gathered is a way to do this (but I'm not just trying it out because I don't want to create a hole that I forget to fix while undoing everything):

1. Create a new group `www-examplecom` and add the users `example-editor` and `www-data` to it. The former is the regular user I want to have access to the files for that Virtual Host and the latter is the Apache user which may need to upload files using PHP.
2. Change ownership of `/var/www/example.com` to `root:www-examplecom`
3. Change permissions of `/var/www/example.com` directory (and subdirectories) to 0775 to give owner and group read/write/execute and then to 2775 to set SetGID to ensure files created under `/var/www/example.com` are created under `www-examplecom`
4. Change permissions of files under `/var/www/example.com` to 0664 to read/write for users.
5. Change umask for user `example-editor` to 0002 so that files are created by him in a way that allows them to be edited by the group as well.
6. Set umask in the PHP program to 0002 so that files are created by user `www-data` in a way that allows them to be edited by the group as well.

You might wonder why I need to give `example-editor` access to this host. Quite simply, I have a friend who I agreed to host and I need him to be able to write to this folder on his own. However, I don't want him doing something foolish and killing us all, so I can't just give him the root password.

Is this the right way to go about things?

Regards,
--
Roshan George <[email protected]>

_______________________________________________
ILUGC Mailing List: http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
