Hello,

I've got Apache running on a CentOS 5.6 machine. All of my users have a umask of 077 set in /etc/bashrc. I'm now wanting to give several of them permission to write to a web area so they can place content visible to the web server. I've got two groups webdev1 and webdev2 which I want one to be able to write to site1 and the other to site2. I've got between 3 and 5 users in each group. I'd prefer not to mess with these users' umask settings, but want the correct permissions and ownerships user:webdev1 or user:webdev2 where user is the username of the person who placed the file. Permissions I believe should be 664 so apache can read the files.

I'm wondering if I need to look into ACLs which I've not used or if there's another solution?

Thanks.
Dave.
Marian Marinov
2011-May-16 08:41 UTC
[CentOS] allowing users to write to a web content area
On Monday 16 May 2011 06:19:49 David Mehler wrote:
> Hello,
> I've got Apache running on a CentOS 5.6 machine. All of my users have
> a umask of 077 set in /etc/bashrc. I'm now wanting to give several of
> them permission to write to a web area so they can place content
> visible to the web server. I've got two groups webdev1 and webdev2
> which I want one to be able to write to site1 and the other to site2.
> I've got between 3 and 5 users in each group. I'd prefer not to mess
> with these users' umask settings, but want the correct permissions and
> ownerships user:webdev1 or user:webdev2 where user is the username of
> the person who placed the file. Permissions I believe should be 664 so
> apache can read the files.
>
> I'm wondering if I need to look into ACLs which I've not used or if
> there's another solution?
>
> Thanks.
> Dave.

It seems obvious... add the apache user to both webdev1 and webdev2 groups and you are done... no need to change umasks and perms :)

Marian
Nicolas Thierry-Mieg
2011-May-16 09:31 UTC
[CentOS] allowing users to write to a web content area
Marian Marinov wrote:
> On Monday 16 May 2011 06:19:49 David Mehler wrote:
>> Hello,
>> I've got Apache running on a CentOS 5.6 machine. All of my users have
>> a umask of 077 set in /etc/bashrc. I'm now wanting to give several of
>> them permission to write to a web area so they can place content
>> visible to the web server. I've got two groups webdev1 and webdev2
>> which I want one to be able to write to site1 and the other to site2.
>> I've got between 3 and 5 users in each group. I'd prefer not to mess
>> with these users' umask settings, but want the correct permissions and
>> ownerships user:webdev1 or user:webdev2 where user is the username of
>> the person who placed the file. Permissions I believe should be 664 so
>> apache can read the files.
>>
>> I'm wondering if I need to look into ACLs which I've not used or if
>> there's another solution?
>>
>> Thanks.
>> Dave.
> It seems obvious... add the apache user to both webdev1 and webdev2 groups and
> you are done... no need to change umasks and perms :)

This would give apache write access to the site contents, which is bad practice. It also won't solve the umask issue.

Since the OP wants all members of webdev1 to have write access to site1, he needs the setgid bit active on site1/. And he needs all files in site1/ to be 664 as he says. But with a umask 077 for all users, any new file created by a user will be 600.

I don't know how to solve that cleanly at file creation (but I don't know ACLs). You could ask your users to try to remember to chmod any new files; and have a find command running in cron regularly to do the chmod when they forget.
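
The setgid directory plus periodic `find`/`chmod` fix-up suggested in the last message, as an added shell example that is not part of the thread. The function names and the script path in the crontab comment are assumptions, and the demo substitutes the caller's primary group for webdev1 so it runs without root.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names and the script path
# in the crontab comment are assumptions; webdev1/site1 come from the question.

# One-time setup: group-own the site root and set the setgid bit (2775) so new
# files and subdirectories inherit the site group, not the creator's own group.
setup_site() {            # usage: setup_site DIR GROUP
    chgrp "$2" "$1" && chmod 2775 "$1"
}

# Periodic fix-up for what umask 077 leaves behind (files 600, owner-only dirs).
# Assumption: each developer runs this from their own crontab, so it only
# touches files that user owns (-user). A root-run chmod over a user-writable
# tree can be raced with symlinks, so no root is involved here.
# -type f / -type d skip symlinks; -xdev keeps find on one filesystem.
# Caveat: 0664 also clears execute bits, so CGI scripts need separate handling.
fix_site_perms() {        # usage: fix_site_perms DIR GROUP
    me=$(id -u)
    find "$1" -xdev -user "$me" \( -type f -o -type d \) ! -group "$2" \
        -exec chgrp "$2" {} +
    find "$1" -xdev -user "$me" -type d ! -perm 2775 -exec chmod 2775 {} +
    find "$1" -xdev -user "$me" -type f ! -perm 0664 -exec chmod 0664 {} +
}

# Constructed demo in a throwaway directory, using the caller's primary group
# in place of webdev1.
demo() {
    site=$(mktemp -d) && grp=$(id -g) || return 1
    setup_site "$site" "$grp"
    ( umask 077; mkdir "$site/img"; echo hi > "$site/index.html" )
    echo "before:"; ls -ld "$site/img" "$site/index.html"
    fix_site_perms "$site" "$grp"
    echo "after:";  ls -ld "$site/img" "$site/index.html"
    rm -rf "$site"
}

# Example per-user crontab entry (script path is an assumption):
# */10 * * * * . $HOME/bin/site-perms.sh; fix_site_perms /var/www/site1 webdev1
if [ "${1:-}" = demo ]; then demo; fi
```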