On Tue, 10 Jan 2006, RNuno wrote: > Hello all, > > I'm in the middle of the migration of an old web-server to a new > CentOS. Let me explain how things work now, I have a group of devs > that use the same user to work on the sites, this have a problem > because we never know who alter witch file. > > Most of the files on the old web-server are owned like > devuser:apache and in the new one I setup LDAP-Auth to get the real > users but the problem that I see here is this: > > All users of the devgroup should change/delete/create files > > So if I have a file owned userA:devgroup and so on since every dev > belongs to the devgroup this will work fine but then I have to put > the user apache on the mix, right? > > Some sites have to write files so in that case I have a problem > because i will have a file owned userA:devgroup and for apache write > it I have to make it world write. My suggestions, for what their worth: 1. Files that Apache needs only to read, chown root:devgroup ... chmod 664 ... 2. Files that Apache *and* the devgroup needs to write chown apache:devgroup ... chmod 660 ... 3. Files that Apache *but not* the devgroup needs to write chown root:apache ... chmod 660 ... -- Paul Heinlein <> heinlein at madboa.com <> www.madboa.com