Granting directory access to apache docroot
 

Newbie security question. I'm running CENTOS5. I have disabled password entry to enhance security and turned off remote root access. I setup a remote login user account with a private key called user1. I want to give user1 access to the apache docroot so he can upload files. The apache docroot directory is owned by the daemon group. I put user1 into that group and user1 can not write to that directory even though daemon has 755 access to the docroot directory.

Q1 How do I safely give user1 upload access to docroot?

Use ACLs ('man acl; man getfacl; man setfacl') and search LQ for "setfacl" or see an example at http://stackoverflow.com/questions/4...rmission-issue.

Give write permission to group. chmod g+w or chmod 775.
Mind that after adding the user to the group you have relog to have it take effect.

Is there any security significance to the 'daemon' user?

Sems like it owns the apache daemon. Dunno if any other services are running with a member of this group. Get a listing of the group members and take a look.
You could also chown the group to the group of user1. Or use acl's like unspawn suggested.