On 05/04/2011 12:49 PM, Johan Martinez wrote:
> Thanks for the suggestions Richard and Kenneth. I installed drupal here
> and it requires user running apache to have write access on filesystem.
> Otherwise it complains: 'The directory sites/default/files is not
> writable'. The content editors/developers need write access to
> theme/pictures folders. So it seems like I can't avoid giving write
> access to apache user. Any hacks or tips here?
Tip 1:
Your files and directories can have different permissions. Rather than
your original setup, try:
chown -R apache:contenteditors /var/www/html
find /var/www/html -type f -exec chmod 0464 {} +
find /var/www/html -type d -exec chmod 2575 {} +
or:
chown -R apache:apache /var/www/html
find /var/www/html -type f -exec setfacl -m g:contenteditors:rw {} +
find /var/www/html -type d -exec setfacl -m g:contenteditors:rwx {} +
Tip 2:
Don't install drupal in /var/www/html. Generally, /var/www/html should
be used only for static content. Web applications should be installed
outside the document root to prevent a misconfiguration from allowing
remote clients from downloading files that might contain configurations,
passwords, or other sensitive information. See the rpm packaged drupal
for an example of how this is done.
Tip 3:
If your application says that it needs write access to
"sites/default/files", then add write access only for that directory.