[CentOS] Best practice for this scenario

Tue Jan 10 17:35:00 UTC 2006
Paul Heinlein <heinlein at madboa.com>

On Tue, 10 Jan 2006, RNuno wrote:

> Hello all,
>
> I'm in the middle of the migration of an old web-server to a new
> CentOS. Let me explain how things work now: I have a group of devs
> that use the same user to work on the sites; this has a problem
> because we never know who alters which file.
>
> Most of the files on the old web-server are owned like
> devuser:apache and in the new one I set up LDAP-Auth to get the real
> users but the problem that I see here is this:
>
> All users of the devgroup should change/delete/create files
>
> So if I have a file owned userA:devgroup and so on, since every dev
> belongs to the devgroup this will work fine, but then I have to put
> the user apache in the mix, right?
>
> Some sites have to write files, so in that case I have a problem
> because I will have a file owned userA:devgroup and for apache to write
> it I have to make it world-writable.

My suggestions, for what they're worth:

1. Files that Apache needs only to read,

   chown root:devgroup ...
   chmod 664 ...

2. Files that Apache *and* the devgroup need to write

   chown apache:devgroup ...
   chmod 660 ...

3. Files that Apache *but not* the devgroup needs to write

   chown root:apache ...
   chmod 660 ...

-- 
Paul Heinlein <> heinlein at madboa.com <> www.madboa.com
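
An added example, not part of the original message: a shell audit that checks a web root against the three owner/group/mode classes suggested above and reports any file that fits none of them, flagging world-writable ones. The names `WEB_USER`, `DEV_GROUP`, `classify` and `audit` are assumptions made for this sketch, and it relies on GNU `stat -c` as shipped with CentOS.

```shell
#!/bin/sh
# Added example: audit files against the three classes from the reply.
# WEB_USER and DEV_GROUP are assumed variable names; defaults follow the thread.
WEB_USER="${WEB_USER:-apache}"
DEV_GROUP="${DEV_GROUP:-devgroup}"

# classify OWNER GROUP MODE -> prints which class the triple belongs to
classify() {
    case "$1:$2:$3" in
        "root:$DEV_GROUP:664")      echo "apache-read-only" ;;      # class 1
        "$WEB_USER:$DEV_GROUP:660") echo "apache-and-dev-write" ;;  # class 2
        "root:$WEB_USER:660")       echo "apache-write-only" ;;     # class 3
        *)
            # Last octal digit holds the "other" bits; 2, 3, 6, 7 include write.
            case "$3" in
                *[2367]) echo "WORLD-WRITABLE" ;;
                *)       echo "unclassified" ;;
            esac ;;
    esac
}

# audit DIR -> one tab-separated line per regular file outside the three classes
audit() {
    find "$1" -type f -exec stat -c '%U %G %a %n' {} + |
    while read -r owner group mode path; do
        class=$(classify "$owner" "$group" "$mode")
        case "$class" in
            WORLD-WRITABLE|unclassified)
                printf '%s\t%s:%s %s\t%s\n' \
                    "$class" "$owner" "$group" "$mode" "$path" ;;
        esac
    done
}

# Stand-alone use: pass the web root as the first argument.
if [ "$#" -gt 0 ]; then
    audit "$1"
fi
```

Empty output means every regular file under the directory matches one of the three classes.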