group permissions or symlinks best practice

jmikeneedham · 08-21-2009, 10:44 AM

Hello All:

I was about to post a new thread and saw that there are several answers out here already and I have done the new group permission one on my server -- actually on my test server I just added "my user" to the group "root" to gain rw access to /var/www/htdocs/.

Someone suggested that the proper way might be to do symlinks to the directory in a real production environment and I wanted to find out if that is the *best* way to go or whether to actually make a group "www_admin" (pick your favorite flavor of this) and add my users to that group?

I guess I am looking for the "best practice" in a real corporate production environment that is most secure.

Thanks,

Mike

unixfool · 08-21-2009, 11:16 AM

I think you should've actually created a new thread...this one is VERY old and will probably be locked by the admins.

win32sux · 08-21-2009, 07:20 PM

jmikeneedham, I've moved this to a new thread (please don't resurrect dead threads).

anomie · 08-22-2009, 05:00 PM

Quote:

Originally Posted by jmikeneedham

Someone suggested that the proper way might be to do symlinks to the directory in a real production environment and I wanted to find out if that is the *best* way to go or whether to actually make a group "www_admin" (pick your favorite flavor of this) and add my users to that group?

I'm not sure I understand the "do symlinks to the directory" suggestion. Creating a symlink doesn't allow you to magically override permissions that are in place. Which is to say: I would need to see a working example before commenting.

The second suggestion sounds fine -- creating a wwwadmin (or similar) group, setting group ownership with write access to the directory, and adding the needed accounts to wwwadmin.