Currently I'm the developer, maintainer, admin etc on a LAMP server with a few websites on an intranet.
The responsibilities need to be split so we'll have a root user, a sysadmin user (can remotely login and su to root), a MySQLadmin user and one or more (maintenance) users for the websites.
The websites usually contain a subdirectory '
files' where apache needs to be able to write files.
I always run into the issue that I have to chmod the '
files' directory to apache which can not be done by the maintenance user as he/she is not a member of the apache group. Also restoring a backup (from a tarball) causes problems as the '
files' directory now belongs to the primary group of the maintenance user.
Therefore I have been thinking to make 'apache' the primary group of the maintenance users.
I however can not oversee the security implications. Is it advisable or is there a better way?
Can somebody please advice about these implications?
Code:
/home
+-- website1
| +---- www (document root)
| | +--- files (need to be writable by apache)
| +---- inc
+-- website2
| +---- www
| | +--- files
| +---- inc
Thanks in advance, WimS