On Tue, Jan 16, 2001 at 07:22:05PM +0000, Rob VanFleet wrote:
> I have the permissions on /var/www set so that any file created within
> it is owned by www-data. Currently, www-data does not have write access
> to the files. What I want to do is set it up so that any file created
> in /var/www is owned by www-data and www-data has write permissions to
> it, so that files created by different people can be edited by anyone in
> www-data.

first, this is a very bad thing to do, now the web server will have
write permission to your entire site, and if it's compromised the
attacker will be able to replace it. normally a httpd compromise
won't allow for site defacement since no files are owned by the web
server account: www-data. you should create a different account for
this purpose.

> I hope that made sense.
>
> Is there some sort of way of setting a group umask maybe?

you can force all files to be created with a certain *group*
ownership, but not with a certain *user* ownership.

    chgrp www-files /var/www    # (not www-data)
    chmod 2755 /var/www

now when you create files in /var/www as user `joe' the ownership will
be joe.www-files

if you want to have it so when joe creates a file there it gets
ownership www-files.www-files, this is impossible.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
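A check for the risk raised in the reply above, as an added example that is not part of the original message: the shell function `audit_webroot` (a hypothetical name) lists every path under a web root that the web server account owns or can write to. The user and group names passed to it are assumptions about the local setup.

```shell
#!/bin/sh
# Added example. audit_webroot is a hypothetical helper name.
# Usage: audit_webroot ROOT WEB_USER WEB_GROUP
#   e.g. audit_webroot /var/www www-data www-data   (names assumed)
# Prints "<reason> <path>" per finding; returns 0 if clean, 1 otherwise.
audit_webroot() {
    root=$1; web_user=$2; web_group=$3
    out=$(
        # Symlinks are skipped: their own mode bits (777) carry no meaning.
        # 1. Owned by the web account: the owner can always chmod the
        #    file writable, whatever its current mode is.
        find "$root" ! -type l -user "$web_user" \
            -exec printf 'owned-by-web-user %s\n' {} \;
        # 2. Group-writable and in the web server's group.
        find "$root" ! -type l -group "$web_group" -perm -020 \
            -exec printf 'group-writable %s\n' {} \;
        # 3. World-writable: writable by every account, web server included.
        find "$root" ! -type l -perm -002 \
            -exec printf 'world-writable %s\n' {} \;
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# Run the audit when called as a script with three arguments.
if [ "$#" -eq 3 ]; then
    audit_webroot "$@"
fi
```

Directories are reported as well as files, since write access to a directory is enough to replace the files inside it.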