I have user
: nobody
and group
: nogroup
set for apache in httpd.conf
. Since I also use my own user to manage files on ssh through Samba
, I would like to have access to the www folder for read/write, and also allow apache to read these files.
Some folders should have apache's write permissions.
Should I leave apache as nobody|nogroup
?
I was thinking I should set my own user under a group called say "webadmins" and set apache a new user called say "apache" under the same group. Then allow the group to read from all files, but only my user will have write files. Whenever apache would need a write permission inside a folder, I would manually change that. Is this a fair enough approach or am I missing something?
Thanks!
usually any daemon will need to access a number of ressources. it is therefore good practice to run each daemon under a special user:group, rather than nobody:nogroup
.
traditionally (eg on Debian systems) apache runs as www-data:www-data
.
finally, user permissions take precedence over group permissions (which in turn take precedence over other permissions). this means that a directory where the user does not have write perms but the user's group can write is effectively r/o for that user (but not for other members of the group)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.