1

I am trying to setup permissions for a directory in my apache2. I am going to show a scenario so its easier to explain and understand:

This is my directory listing with permissions 

 -> root:root drwxr-x--x www
      -> gasim:www-data drwxr-x--- mydomain.com
           -> drwxr-x--- gasim:www-data www
           -> drwxr-x--- gasim:www-data dev
      ... some other folders here

I am using a framework where I need to use www-data as a group because there are some write permissions etc.

I want to make the directory 'dev' have read/write permission by a group mydomain-dev How should I approach this but still keep the group www-data. I don't want to add the user to the group www-data because it will have access to other domain folders. Maybe this approach it self is wrong. If it is, whats a better way to approach this situation

Hope i made sense.

MDMarra
  • 100,734
  • 32
  • 197
  • 329
Gasim
  • 977
  • 4
  • 14
  • 23
  • take a look [here](http://serverfault.com/questions/357108/what-are-the-best-linux-permissions-to-use-for-my-website) and [here](http://serverfault.com/questions/124800/how-to-setup-linux-permissions-for-the-www-folder) – dawud Jul 27 '13 at 12:00

2 Answers2

2

You can add an extra vhost for this folder and run it with a different user:

For Linux: http://mpm-itk.sesse.net/

For (Open)Solaris: http://httpd.apache.org/docs/2.4/mod/mod_privileges.html

Teun Ouwehand
  • 21
  • 2
1

setfacl lets you create and modify access control lists with arbitrary lists of permissions, if your file system supports them. For example,

setfacl -m g:mydomain-dev:rwx,d:g:mydomain-dev:rwX www/mydomain.com/dev

The first part (before the comma) grants rwx permissions to the mydomain-dev group for the dev directory. The second part sets default permissions for new files or directories that get created within the dev directory.

See setfacl(1) for details.

Andrew Schulman
  • 8,811
  • 21
  • 32
  • 47