When enabling userdirs (i.e. ~/public_html) in Apache, what is the standard way to set up ownership and permissions of my public_html directory? Ideally I would like to give the Apache server permission to do whatever it wants in that directory without making the whole thing world-writable. Is there a standard way to do this?
If the solution involves setting specific ownership or permissions, how can I ensure that any new files created in that directory will automatically receive the appropriate permissions?
Typically on a multi-user system you would simply set the directory executable and leave all files within the directory public readable.
If you run the server yourself, you will have the ability to set the group to the same group as the Apache group and set the directory group writable. Additionally, you would want to set SGID, so that anything created within the directory inherits ownership.
chmod 2771 /path/to/public_html/incoming
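One way to verify that a directory matches the layout in the answer above (setgid, group-writable, not world-writable, new files inheriting the group), as an added example that is not part of the original answer. The helper name audit_userdir is hypothetical, the expected group name depends on the distribution, and GNU coreutils stat is assumed.

```shell
#!/bin/sh
# Added example: audit one directory against the mode-2771 layout above.
# audit_userdir is a hypothetical helper name; assumes GNU coreutils stat.
audit_userdir() {
    dir=$1; want_group=$2; rc=0
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 2; }
    mode=$(stat -c '%a' "$dir")    # octal permission bits, e.g. 2771
    group=$(stat -c '%G' "$dir")   # owning group name

    if [ "$group" != "$want_group" ]; then
        echo "FAIL: group is $group, expected $want_group"; rc=1
    fi
    if [ $(( 0$mode & 02000 )) -eq 0 ]; then
        echo "FAIL: setgid bit missing, new files will not inherit the group"; rc=1
    fi
    if [ $(( 0$mode & 00020 )) -eq 0 ]; then
        echo "FAIL: directory is not group-writable"; rc=1
    fi
    if [ $(( 0$mode & 00002 )) -ne 0 ]; then
        echo "FAIL: directory is world-writable"; rc=1
    fi

    # Create a probe file to confirm that group inheritance really happens
    if probe=$(mktemp "$dir/.probe.XXXXXX" 2>/dev/null); then
        pgroup=$(stat -c '%G' "$probe")
        rm -f "$probe"
        if [ "$pgroup" != "$group" ]; then
            echo "FAIL: new file got group $pgroup, not $group"; rc=1
        fi
    else
        echo "WARN: cannot create a probe file in $dir"
    fi

    [ "$rc" -eq 0 ] && echo "OK: $dir mode=$mode group=$group"
    return "$rc"
}

# Usage: sh audit.sh /path/to/public_html/incoming www-data
if [ "$#" -eq 2 ]; then audit_userdir "$1" "$2"; fi
```

Run it as a user who is allowed to write to the directory, otherwise the probe step only warns and the inheritance check is skipped.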
If ACLs are available, then putting the following in
/etc/cron.daily/public_html
will make sure that the www-data system user has full access to all public_html folders: