This question helped me quite a bit:
What's the best way of handling permissions for Apache 2's user www-data in /var/www?
I would like to take the above question further, I want to be able to use upload scripts for some web applications, host cms etc.
So, as it stands, all files /var/www/ are owned by root and belong to the group www-pub, all directories have 775 and files have 664.
I threw together a simple image upload script that grabs an image, creates a directory called "pictures" if it doesn't exist, and saves the picture. I created the files in a new directory within /var/www/ with a user called testuser1, belonging to the group www-pub.
So far so good, can access it in the browser... but, as expected the script cannot create the folder "pictures". If I create the folder manually and grant it 777 permissions, the script will execute as expected.
Is this the correct way to go about this? I have a feeling that the script itself shouldn't haven public write privileges. But it seems a bit tedious to set up individual permissions for directories that require write access from www-data, especially when it comes to some bigger projects. Is it even OK to have a directory with 777 permissions?
Any advice would be great, thanks!