m.roth@5-cent.us wrote:
Todd wrote:
With /var/www/html owned by root:root and me loggin in as 'jason' I cannot accomplish this. I don't allow root logins over ssh...
<snip> > Would I change /var/www/html/<my domain> owner to myid:mygroup? I am > not sure the famifications of this and how Apache would behave, etc.
The whole of /var/www can belong to myid:mygroup as long as the apache
<snip>
Not a great idea. Rather, I'd recommend that it be the apache user (apache or httpd, whichever you have it as, and have the directory of a
group
that you belong to (remember, you can have multiple secondary groups,
like,
say, group httpd), and make it group writeable.
I don't quite follow.
if I do a 'getent groups' I do have apache as a group.
Or if you just type "groups" from the command line....
So you are saying set the owner of /var/www/html<my domain> and all files below to apache:apache and then add my personal id to the apache group?
And make the directory you want to upload stuff into, not /var/www/html, but /var/www/html/<yourdomain>/<maybewhatever>, group writeable, then sudo usermod -G apache myusername
again: this is bad advice, httpd is runing as user apache so you should avoid giving that user write access to stuff in /var/www/ unless it needs to (CGI, file uploads, etc...). The apache user only needs read access. The users editing the content need write access. Make /var/www/* owned by root, or yourself, or some brand new account, but not by apache. Then use groups and sgid bits to give write access (to relevant subdirs) to whoever needs to edit the content.