Managing permissions for web folders

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



We have a web folder /var/www/somesite that's a root for one of the sites.  Apache serves files out of here. 

It is an svn checkout, so that updates could be done by using svn up. 

Everything has been going great when I use the root user to update, but now I need to give access to other people to make deployments, and it doesn't seem to be easy to do using regular users. 

I have created a group called staff and added the new user to it, lets say user1.  

I ran the following commands to set the permissions 

find . -type d -exec chmod 2775 \{} \;
find . -not -type d -exec chmod 0664 \{} \;
chown user1.staff .

This allows the user to make deployments. 

Now comes in user2.  User2 is also a member of group staff, so he can also make deployments.  We haven't ran into any issues yet, but I believe as long as the files are owned by staff, both users can change the files, no matter which one of them owns it. 

Now we also need to give apache write access to a folder.  Lets say /var/www/somesite/files.  

There are several options here.  
- We can add apache to the staff group, but this would give apache access to the whole /var/www/somesite tree.  
- We can change the group to apache.  We will need to add user1 and user2 to the apache group.  One of the problems with this is that the users would have access to everything that apache has access to.  Another problem is that while user1 can run chmod -R user1.apache files, it will fail if the files are owned by someone else (like user2 or apache).  Is there a way to get around this?

Am I going about this the wrong way?  

Russ
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux