LinuxQuestions.org - Having a hard time with permissions...

Hi there

I'm pretty new to Linux sysadmin and despite reading lots on file permissions I'm still banging my head against the wall on this one.

I have an Ubuntu VPS which hosts my Drupal website. On this server I have created a new user called deploy. This is the user used by a the code deployment platform that I'm using, DeployHQ, when it connects to the server via SSH. The service connects to the server, uploads files and then should execute the make command provided by the Drupal CLI tool Drush. This command, bascially, retrieves code from repositories and builds the project but all the retrieved files are written to the /tmp directory before being moved into place.

I gave the deploy user a secondary group of www-data and changed all the files within the project to be owned by ubuntu (admin account) and in the www-data group with permissions of 775. I did this because Apache will also need to be able to write to some directories (file uploads).

Having deploy in the www-data group I expected that there would be no issues moving the build from /tmp to the project directory as the command is executed by the deploy user and it should have permissions to change the files in the project directory by definition of it's group but the build does not move. Next I tried changing the primary group of deploy to www-data but still the build doesn't move into place. Unfortunately the only way I can get the Drush make command to execute entirely is to change all files within the project directory to be owned by deploy and in the deploy group which doesn't seem right plus causes problems for Apache.

Where am I going wrong?! The permissions system doesn't seem that complicated but I'm clearly not doing something right.

Any help greatly appreciated...