[CentOS] allowing users to write to a web content area

Mon May 16 09:31:39 UTC 2011
Nicolas Thierry-Mieg <Nicolas.Thierry-Mieg at imag.fr>

Marian Marinov wrote:
> On Monday 16 May 2011 06:19:49 David Mehler wrote:
>> Hello,
>> I've got apache running on a centos 5.6 machine. All of my users have
>> a umask of 077 set in /etc/bashrc. I'm now wanting to give several of
>> them permission to write to a web area so they can place content
>> visible to the web server. I've got two groups webdev1 and webdev2
>> which I want one to be able to write to site1 and the other to site2.
>> I've got between 3 and 5 users in each group. I'd prefer not to mess
>> with these users umask settings, but want the correct permissions and
>> ownerships user:webdev1 or user:webdev2 where user is the username of
>> the person who placed the file. Permissions I believe should be 664 so
>> apache can read the files.
>> I'm wondering if I need to look into ACLs, which I've not used, or if
>> there's another solution?
>> Thanks.
>> Dave.
> It seems obvious... add the apache user to both webdev1 and webdev2 groups and
> you are done... no need to change umasks and perms :)

This would give apache write access to the site contents, which is bad.

It also won't solve the umask issue.
Since the OP wants all members of webdev1 to have write access to site1, 
he needs the setgid bit active on site1/ . And he needs all files in 
site1/ to be 664 as he says.
But with a umask 077 for all users, any new file created by a user will 
be 600.
I don't know how to solve that cleanly at file creation (but I don't 
know ACLs).
You could ask your users to try to remember to chmod any new files; and 
have a find command running in cron regularly to do the chmod when they