Has anyone got a nice solution for handling files in /var/www/ ?
We’re running Name Based Virtual Hosts and the apache2 user is ‘www-data’
We’ve got two regular users & root. So when messing with files in /var/www ,rather than having to…
chown -R www-data:www-data
…all the time, what’s a good way of handling this?
Supplementary question. How hardcore do you then go on permissions?
This one has always been a problem in collaborative development environments.
Cheers.
I am not entirely how you want the permissions, but this may give you a starting point. There probably are better ways. I am assuming you want both users to be able to change anything under /var/www/
- Create a new group (www-pub) and add the users to that group.
- Change the ownership of everything under /var/www to root:www-pub.
- Change the permissions of all the folders to 2775
- Change all the files to 0664.
- Change the umask for your users to 0002
This means any new file created by either of your users should be username:www-pub 0664 and any directory that gets created will be username:www-pub 2775. Apache will get read access to everything via the ‘other users’ component. The SETGID bit on the directories will force all files being created to be owned by the group that owns the folder. Adjusting the umask is needed to make sure that write bit is set so that anyone in the group will be able to edit the files.
As for how hardcore I go on permissions. It completely depends on the site/server. If there is only 1-2 editors and I just need to keep them from breaking things too badly then I will go easy. If the business required something more complex then I would set up something more complex.
Check more discussion of this question.