[CentOS] Best pratice for this scenario
Paul Heinlein
heinlein at madboa.com
Tue Jan 10 17:35:00 UTC 2006
On Tue, 10 Jan 2006, RNuno wrote:
> Hello all,
>
> I'm in the middle of the migration of an old web-server to a new
> CentOS. Let me explain how things work now, I have a group of devs
> that use the same user to work on the sites, this have a problem
> because we never know who alter witch file.
>
> Most of the files on the old web-server are owned like
> devuser:apache and in the new one I setup LDAP-Auth to get the real
> users but the problem that I see here is this:
>
> All users of the devgroup should change/delete/create files
>
> So if I have a file owned userA:devgroup and so on since every dev
> belongs to the devgroup this will work fine but then I have to put
> the user apache on the mix, right?
>
> Some sites have to write files so in that case I have a problem
> because i will have a file owned userA:devgroup and for apache write
> it I have to make it world write.
My suggestions, for what their worth:
1. Files that Apache needs only to read,
chown root:devgroup ...
chmod 664 ...
2. Files that Apache *and* the devgroup needs to write
chown apache:devgroup ...
chmod 660 ...
3. Files that Apache *but not* the devgroup needs to write
chown root:apache ...
chmod 660 ...
--
Paul Heinlein <> heinlein at madboa.com <> www.madboa.com
More information about the CentOS
mailing list