On Mon, 16 May 2011, Nicolas Thierry-Mieg wrote:
> This would give apache write access to the site contents, which is bad practice.
> It also won't solve the umask issue. Since the OP wants all members of webdev1 to have write access to site1, he needs the setgid bit active on site1/ . And he needs all files in site1/ to be 664 as he says. But with a umask 077 for all users, any new file created by a user will be 600. I don't know how to solve that cleanly at file creation (but I don't know ACLs). You could ask your users to try to remember to chmod any new files; and have a find command running in cron regularly to do the chmod when they forget.
ACLs sound like a perfectly reasonable solution to me. Default ACLs set on a directory apply to files/directories created within it, so there shouldn't be a file creation issue.
A periodic scan from a cron find isn't a bad idea either, as it provides you a mechanism to reimpose correctness even if people do something wrong. I don't think you're likely to find that happens too much with ACLs, and most people don't understand how to use them so won't change them ;)
jh
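
The two approaches discussed in this thread, sketched as an added example that is not part of the original messages: a default ACL so files created under a 077 umask are still group-writable, and a cron-style `find` pass that reimposes 664 on files and setgid on directories. The names `webdev1` and `site1` come from the thread; the function names are hypothetical, and a Linux system with the `acl` tools is assumed for the first function.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; webdev1 and site1 are
# the group and directory named in the thread.

# Approach 1: default ACL. When a directory carries a default ACL, the
# creating process's umask is not applied to new entries inside it, so a
# user with umask 077 still produces group-writable files.
set_default_acl() {
    site=$1
    group=$2
    # Access ACL on what already exists (X = execute only on directories
    # and on files that are already executable).
    setfacl -R -m "g:${group}:rwX" "$site"
    # Default ACL, inherited by everything created below from now on.
    setfacl -R -d -m "g:${group}:rwX" "$site"
}

# Approach 2: periodic repair, suitable for running from cron.
# Only adds missing bits, so execute bits on scripts are left alone.
fix_site_perms() {
    site=$1
    # Directories: rwx for owner and group, r-x for others, setgid so new
    # entries inherit the directory's group.
    find "$site" -type d ! -perm -2775 \
        -exec chmod u+rwx,g+rwxs,o+rx {} +
    # Regular files: bring anything below 664 (e.g. 600 from umask 077)
    # up to at least rw-rw-r--.
    find "$site" -type f ! -perm -664 \
        -exec chmod u+rw,g+rw,o+r {} +
}

# Report whatever is still out of policy after a repair pass; empty
# output means the tree is clean. Useful as a cron mail trigger.
report_drift() {
    find "$1" \( -type f ! -perm -664 \) -o \( -type d ! -perm -775 \)
}
```

Because `fix_site_perms` only adds bits, it will not tighten a file that someone has made world-writable; catching that needs a separate check.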