[CentOS] allowing users to write to a web content area

Mon May 16 09:40:17 UTC 2011
John Hodrien <J.H.Hodrien at leeds.ac.uk>

On Mon, 16 May 2011, Nicolas Thierry-Mieg wrote:

> This would give apache write access to the site contents, which is bad
> practice.
> It also won't solve the umask issue.
> Since the OP wants all members of webdev1 to have write access to site1,
> he needs the setgid bit active on site1/ . And he needs all files in
> site1/ to be 664 as he says.
> But with a umask 077 for all users, any new file created by a user will
> be 600.
> I don't know how to solve that cleanly at file creation (but I don't
> know ACLs).
> You could ask your users to try to remember to chmod any new files; and
> have a find command running in cron regularly to do the chmod when they
> forget.

ACLs sounds like a perfectly reasonable solution to me.  Default ACLs set on a
directory apply to files/directories created within it, so there shouldn't be
a file creation issue.

A periodic scan from a cron find isn't a bad idea either, as it provides you a
mechanism to reimpose correctness even if people do something wrong.  I don't
think you're likely to find that happens to much with ACLs and most people
don't understand how to use them so won't change them ;)