Linux users', specifically Apache, permissions settings, [Linux noob :]

0
votes

I have user:nobody and group:nogroup set for apache in httpd.conf. Since I also use my own user to manage files on ssh through Samba, I would like to have access to the www folder for read/write, and also allow apache to read these files.
Some folders should have apache's write permissions.

Should I leave apache as nobody|nogroup?
I was thinking I should set my own user under a group called say "webadmins" and set apache a new user called say "apache" under the same group. Then allow the group to read from all files, but only my user will have write files. Whenever apache would need a write permission inside a folder, I would manually change that. Is this a fair enough approach or am I missing something?

Thanks!

1
linuxapachepermissions

1 Answers

1
votes

usually any daemon will need to access a number of ressources. it is therefore good practice to run each daemon under a special user:group, rather than nobody:nogroup.

traditionally (e.g. on Debian systems) apache runs as www-data:www-data.

finally, user permissions take precedence over group permissions (which in turn take precedence over other permissions). this means that a directory where the user does not have write perms but the user's group can write is effectively r/o for that user (but not for other members of the group)