[CentOS] allowing users to write to a web content area

[Ljubomir Ljubojevic]

Nicolas Thierry-Mieg wrote:
> Marian Marinov wrote:
>> On Monday 16 May 2011 06:19:49 David Mehler wrote:
>>> Hello,
>>> I've got apache running on a centos 5.6 machine. All of my users have
>>> a umask of 077 set in /etc/bashrc. I'm now wanting to give several of
>>> them permission to write to a web area so they can place content
>>> visible to the web server. I've got two groups webdev1 and webdev2
>>> which I want one to be able to write to site1 and the other to site2.
>>> I've got between 3 and 5 users in each group. I'd prefer not to mess
>>> with these users umask settings, but want the correct permissions and
>>> ownerships user:webdev1 or user:webdev2 where user is the username of
>>> the person who placed the file. Permissions I believe should be 664 so
>>> apache can read the files.
>>>
>>> I'm wondering if I need to look in to ACLS which I've not used or if
>>> there's another solution?
>>>
>>> Thanks.
>>> Dave.
>> It seams obvious... add the apache user to both webdev1 and webdev2 groups and
>> you are done... no need to change umasks and perms :)
> 
> This would give apache write access to the site contents, which is bad 
> practice.
> 
> It also won't solve the umask issue.
> Since the OP wants all members of webdev1 to have write access to site1, 
> he needs the setgid bit active on site1/ . And he needs all files in 
> site1/ to be 664 as he says.
> But with a umask 077 for all users, any new file created by a user will 
> be 600.
> I don't know how to solve that cleanly at file creation (but I don't 
> know ACLs).
> You could ask your users to try to remember to chmod any new files; and 
> have a find command running in cron regularly to do the chmod when they 
> forget.

There is an option to set on the directory so any new file when created 
will have umask of the group or directory owner (something like that). I 
am yet to test and use this but I found howto somewhere on the net.

Ljubomir