running apache under its own user account
Posted on 2006-10-28
I have a dedicated server I want to configure to get around this problem:
Only files owned by Apache are accessible to PHP scripts, this is often impractical when many developers are working on the same project, or when you want PHP to read a file without changing its ownership. And visa-versa: files created by Apache are not accessible by my user account when I ftp.
I had a linux admin set up the server but he's gone awol on me.
Here's what's been done so far:
Created an Apache group:
When I ftp in and create a directory, its ownership is:
When I upload a file:
safe_mode = Off
safe_mode_gid = On
(With safe_mode_gid enabled instead of safe_mode, PHP will be able to open files that belong to Apache's group regardless of the owner, so if there are several developers working on the same server, add them to Apache's group, make it their default group, and everything should be set.)
Apache runs as nobody, nobody. Do I add nobody to the Apache group, or do I change the user account apache runs under to Apache (and how)
According WebMin, both user Apache and nobody belong to these secondary groups. Why so many? Is this right?
cw <-- another user
awarner <-- me