3

Many PHP applications do self-configuration and self-updating. This requires apache to have write access to the PHP files. While chgrp'ing them all to www-data appears like a good practice to avoid making them world writable, I also wish to allow users to create new files and edit existing one.

Is adding users to the group www-data safe on Debian? For example:

775 root www-data /var/www
644 john www-data /var/www/johns_php_application.php
660 john www-data /var/www/johns_php_applications_configuration_file
Cristian Ciupitu
  • 6,226
  • 2
  • 41
  • 55

2 Answers2

4

I usually create a group called "webdev" and add my web developer user and www-data to the group and give it the appropriate permissions for the site/directory/files, etc.

gravyface
  • 13,947
  • 16
  • 65
  • 100
  • 2
    Good idea, i did not think of going the other way around. Adding the httpd to the developer's group is more logical then the developers in the httpd's group. Thank you. –  Jul 26 '10 at 15:37
-1

Why not use mod_userdir?

Kristopher Ives
  • 364
  • 1
  • 3
  • 13
  • mod_userdir dont setuid or setgid apache to the user. Files are still not writable unless they are chmod'ed 777. –  Jul 26 '10 at 14:38