On Tue, 10 Jan 2006, RNuno wrote:
Hello all,
I'm in the middle of the migration of an old web-server to a new CentOS. Let me explain how things work now. I have a group of devs that use the same user to work on the sites; this has a problem because we never know who altered which file.
Most of the files on the old web-server are owned like devuser:apache and in the new one I setup LDAP-Auth to get the real users but the problem that I see here is this:
All users of the devgroup should change/delete/create files
So if I have a file owned userA:devgroup and so on since every dev belongs to the devgroup this will work fine but then I have to put the user apache on the mix, right?
Some sites have to write files, so in that case I have a problem because I will have a file owned userA:devgroup and for apache to write it I have to make it world-writable.
My suggestions, for what they're worth:
1. Files that Apache needs only to read,
chown root:devgroup ... chmod 664 ...
2. Files that Apache *and* the devgroup need to write
chown apache:devgroup ... chmod 660 ...
3. Files that Apache *but not* the devgroup needs to write
chown root:apache ... chmod 660 ...
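
An added example, not part of the original thread: a small audit that checks each file in a web root against the three owner/mode classes listed in the reply and flags anything world-writable or outside those classes. The function names and the optional ADMIN parameter (default `root`) are assumptions made for this example, and it relies on GNU `stat` as shipped on CentOS.

```shell
#!/bin/sh
# Added example: audit files against the three classes from the reply.
# Assumes GNU stat (coreutils); function names are hypothetical.

# classify_file FILE DEVGROUP WEBUSER [ADMIN]
# Prints the matching class, or a VIOLATION line and returns 1.
classify_file() {
    f=$1; devgroup=$2; webuser=$3; admin=${4:-root}
    # %a = octal mode, %U = owner name, %G = group name
    set -- $(stat -c '%a %U %G' "$f")
    mode=$1; owner=$2; group=$3

    # A write bit for "other" is the world-writable case the scheme avoids.
    case $mode in
        *[2367]) echo "VIOLATION world-writable $mode $owner:$group"; return 1 ;;
    esac

    case "$mode $owner:$group" in
        "664 $admin:$devgroup")   echo "class1 apache-read-only" ;;
        "660 $webuser:$devgroup") echo "class2 apache-and-devgroup-write" ;;
        "660 $admin:$webuser")    echo "class3 apache-only-write" ;;
        *) echo "VIOLATION unclassified $mode $owner:$group"; return 1 ;;
    esac
}

# audit_tree DIR DEVGROUP WEBUSER [ADMIN]
# Prints one line per offending file; returns 1 if any were found.
audit_tree() {
    dir=$1; shift
    bad=$(find "$dir" -type f | while IFS= read -r p; do
        r=$(classify_file "$p" "$@") || echo "$p: $r"
    done)
    [ -z "$bad" ] && return 0
    echo "$bad"
    return 1
}

# Stand-alone use, e.g.: sh audit.sh /var/www/site devgroup apache
if [ $# -ge 3 ]; then audit_tree "$@"; fi
```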