On 12/24/2013 10:37 AM, Raffaele Morelli wrote:
<snip>Incorrect. Apache writes or creates NOTHING. The web server user can create and write files from a script, but it is not Apache doing it.
Are u kidding? Apache writes and creates everything you want if
directory/files permissions are designed for and that is what you want.
I agree with the others. User-created files should never be owned by root. On my servers, files are owned by the person doing the uploading (which is NOT www-data) and are accessed read-only by group permissions (with www-data being a member of the group).
On local systems, files are owned by the user creating the files (again, not www-data), and accessed via the group.
Having user files owned by root means they can only be edited by root (unless you extend the group permissions - in which case www-data can also change the permissions). And you should only use root when you need to change system configurations, update packages, etc. Not for general user file editing.
Jerry