codefaze
asked on
Recommended file permissions for /var/www/html
Hello Experts - Linux Newbie with a question.
I am running Fedora5 with Apache2 and have a question about file permissions. I want to allow developers the ability to SSH in and modify files. I am using /var/ww/html directory and each website in a subdirectory has permissions of 755 with Owner=root and Group=Apache.
When the developers SSH in they are unable to edit or modify the files. Right now they have to SU as root. I used webmin and changed their primary group to root but that still didn't work. Right now they are having to su as root. I'd prefer to have them use their regular account. I was trying not to change the permissions of the files from root:apache for fear of breaking something on the website.
Suggestions?
I am running Fedora5 with Apache2 and have a question about file permissions. I want to allow developers the ability to SSH in and modify files. I am using /var/ww/html directory and each website in a subdirectory has permissions of 755 with Owner=root and Group=Apache.
When the developers SSH in they are unable to edit or modify the files. Right now they have to SU as root. I used webmin and changed their primary group to root but that still didn't work. Right now they are having to su as root. I'd prefer to have them use their regular account. I was trying not to change the permissions of the files from root:apache for fear of breaking something on the website.
Suggestions?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I use Tintin's method. I have a group called webowner which owns all files and directories in the document roots for my various sites. At the user level, all are owned by Apache's user.
ibu1's solution creates a vulnerability by allowing developers to change files used for the apache server itself. No one but apache should be part of apache's group.
ibu1's solution creates a vulnerability by allowing developers to change files used for the apache server itself. No one but apache should be part of apache's group.
usermod -g developer apache
Before that delete the developer user from the root group.