I have a group of users (content editors) who need read-write access to apache document root. The apache web server is running as user:apache and group:apache. The filesystem permissions are currently set as apache:apache. How should I modify filesystem permission so that content editors can have read-write permissions and webserver can serve files as well? Following is what I have setup now, but I am not sure whether it is a good configuration. I appreciate any comments or suggestions regarding this.
<setup> chown -R apache:contenteditors /var/www/html chmod u=rx /var/www/html chmod g+w /var/www/html chmod g+s /var/www/html
Add people editing web/html files to contenteditors group. <setup>
thanks, jM.
User apache only needs read access except under special conditions, such as a script that needs to store configuration in a file. And a lot of apps store their state in a DB so they don't need filesystem write access at all.
Set the permissions as strict as possible, so that if an attacker finds a bug in apache, he does as little damage as possible.
-
Johan Martinez -
Kenneth Porter