I have a server running multiple websites, with each website configured as a separate vhost. Some trusted users require shell access to the web server, but in an effort to prevent abuse and accidental misconfiguration, each user is only allowed write access to their own website directory. The way in which this is currently implemented is that each website has the ownership set to username:apache, where 'username' is the username of the person who is allowed write access to the directory, and 'apache' is the group name to which the actual Apache user belongs.
This configuration works, to an extent. Users are able to edit existing files and create new files without any problems. However, since most of the sites are driven by various CMS software, all content written to the directory by the CMS (i.e. the webserver / Apache) is written as apache:apache, and the user does not receive write access to the new files.
My questions:
- What is the best way to set up such a configuration whereby multiple users are allowed write access to their own directories only, and whereby files written by the webserver are also writable by the user?
- Is it possible to instruct Apache to write data for certain vhosts as another user and group?
Take a look at apache2-mpm-itk and/or suPHP.
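
As an added illustration (not part of the original answer), this is what per-vhost user assignment looks like with mpm-itk's `AssignUserID` directive. The usernames `alice` and `bob`, the hostnames and the paths are placeholders, and the sketch assumes the mpm-itk module is installed and active.

```apache
# Added example: one vhost per site owner, each served under that owner's
# own UID/GID. All names and paths below are hypothetical.

<VirtualHost *:80>
    ServerName alice.example.com
    DocumentRoot /var/www/alice

    <IfModule mpm_itk_module>
        # Requests for this vhost are handled by a process running as
        # alice:alice, so files the CMS creates are owned by alice
        # instead of apache:apache and stay writable from her shell.
        AssignUserID alice alice
    </IfModule>
</VirtualHost>

<VirtualHost *:80>
    ServerName bob.example.com
    DocumentRoot /var/www/bob

    <IfModule mpm_itk_module>
        # Same pattern for the second site; a CMS running here executes
        # as bob and is subject to bob's filesystem permissions only.
        AssignUserID bob bob
    </IfModule>
</VirtualHost>
```

Note that mpm-itk keeps the process privileged until the request has been parsed and the vhost's user is known, which is a trade-off to weigh against the per-site isolation it provides.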