[CentOS] Managing permissions for web folders

Ruslan Sivak

russ at vshift.com
Thu Sep 1 20:47:03 UTC 2011


We have a web folder /var/www/somesite that's a root for one of the sites.
 Apache serves files out of here.

It is an svn checkout, so that updates could be done by using svn up.

Everything has been going great when I use the root user to update, but now
I need to give access to other people to make deployments, and it doesn't
seem to be easy to do using regular users.

I have created a group called staff and added the new user to it, lets say
user1.

I ran the following commands to set the permissions

find . -type d -exec chmod 2775 \{} \;
find . -not -type d -exec chmod 0664 \{} \;
chown user1.staff .

This allows the user to make deployments.

Now comes in user2.  User2 is also a member of group staff, so he can also
make deployments.  We haven't ran into any issues yet, but I believe as long
as the files are owned by staff, both users can change the files, no matter
which one of them owns it.

Now we also need to give apache write access to a folder.  Lets say
/var/www/somesite/files.

There are several options here.
- We can add apache to the staff group, but this would give apache access to
the whole /var/www/somesite tree.
- We can change the group to apache.  We will need to add user1 and user2 to
the apache group.  One of the problems with this is that the users would
have access to everything that apache has access to.  Another problem is
that while user1 can run chmod -R user1.apache files, it will fail if the
files are owned by someone else (like user2 or apache).  Is there a way to
get around this?

Am I going about this the wrong way?

Russ
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos/attachments/20110901/3b5a2a79/attachment.html>


More information about the CentOS mailing list