Possible Duplicate:
How do I set up a shared directory on Linux?

I can't for the life of me figure out how to design my permissions scheme for my apache files. My requirements seem pretty simple:

  1. Apache should have standard permissions of RX for Directories and R for files
  2. Web authors should have RWX for Directories and RW for files
  3. Don't want to give any access to "other"
  4. Want new files/folders to inherit the proper permissions

Here are the schemes I've tried

570 for directories and 460 for files. Owner: Apache, Group: Webdev

The problem here is that new files created by users in the Webdev group are owned by user:Webdev and Apache can't read them. If Apache were in the group Webdev then it would also have the wrong permissions (i.e., it would have Write permissions to files).

750 for directories and 640 for files. Owner: Webdev, Group: Apache

(Webdev is a member of Apache)

The problem here is that there is only one webdev account and I have multiple people who need access to contribute. In theory this would work with only one developer if Webdev were also a member of the Apache group.

Any ideas?

asolberg

1 Answer

-1

Your DocumentRoot (and in turn anything inside) should not be writable by the Apache user (i.e., the user ID which is running the apache process) unless you have a very specific reason (if you are unsure, or are guessing then the answer is "no"). I understand your four requirements, but number three is wrong. An unknown, untrusted visitor to your website should have other permissions applied to them.

Here's what you want to do:

  1. Your DocumentRoot should be: user=root, group=webdev, mode=0775
  2. Your users should be in the webdev group
  3. Each user should set umask 0002 in their shell rc script

The last item is the key. Setting the umask to 0002 will ensure that files are always created rw-rw-r-- and directories are created rwxrwxr-x.

bahamat
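The umask behaviour the answer above relies on, as an added example that is not part of the original answer: it creates files in a throwaway directory under two umasks and then audits a tree for entries that break the 0775/0664 scheme. The helper names `modes_under_umask` and `audit_tree` are hypothetical, the sample files are constructed, and `stat -c` (GNU coreutils or busybox) is assumed.

```shell
#!/bin/sh
# Added example (not from the original answer). No root needed: everything
# happens in temporary directories. Helper names are hypothetical.

# modes_under_umask UMASK
# Creates one file and one directory under the given umask and prints
# "<file mode> <dir mode>" in octal.
modes_under_umask() {
    (
        umask "$1"
        tmp=$(mktemp -d) || exit 1
        touch "$tmp/page.html"     # constructed sample file
        mkdir "$tmp/assets"        # constructed sample directory
        printf '%s %s\n' \
            "$(stat -c '%a' "$tmp/page.html")" \
            "$(stat -c '%a' "$tmp/assets")"
        rm -rf "$tmp"
    )
}

# audit_tree DIR
# Lists entries that do not fit the scheme from the answer:
#   - not group-writable (created by an author whose umask was not 0002)
#   - world-writable (anyone on the host could modify served content)
audit_tree() {
    find "$1" \( ! -perm -020 -o -perm -002 \) -print
}

# Compare a common default umask (0022) with the one the answer recommends.
for m in 0022 0002; do
    printf 'umask %s -> file/dir modes: %s\n' "$m" "$(modes_under_umask "$m")"
done
```

Run `audit_tree /path/to/DocumentRoot` periodically to catch files written by an author who has not set the umask. Group ownership is separate from the umask: a new file takes its creator's primary group unless the parent directory has the setgid bit set.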