I have three users:
- user_1,
- user_2, and
- user_super.
There are two directories,
- /root/user_1 (chown -R user_1:user_1)
- /root/user_2 (chown -R user_2:user_2)
I want my user_super to be able to modify these files and be able to chown it back to original.
user_1 and user_2 cannot read/change each other's files and are jailed to their root folders.
How do I go about that?
PS: user_super should have no root permissions; user_super will run Apache on the server, so it should be as close as possible to the www-data (Apache) user.
make a group supergroup with the user user_super in it, then
Problem with this setup: In most implementations, chown can only be executed by the superuser. Unprivileged (regular) users who wish to change the group of a file that they own may use chgrp. So you would think: perfect, I'll let user_super change the group back to group user_1 or user_2 but chgrp only lets user_super change ownership to one group of which he is a member.
I guess user_super is not root?
You could try using sudo.
Create entries in the sudoers file to allow user_super to take ownership of the files in /root/user_1 and /root/user_2 and also to give ownership back to user_1 and user_2.
Then, user_super would run the first sudo chown command, edit the file, and then run the second sudo chown command to change it back. Don't allow unrestricted sudo chown, but specify patterns.
When setting up a mail server, I needed to have Apache create mailboxes that would be owned by the virtual mailbox process. So what I did was to create a small script that would create the script and then change ownership to the virtual mailbox process. I added Apache to the sudoers file, allowing it to run the script. It works well, but in the interest of full disclosure, you will need to be careful in your construction of the script, as security mistakes can be a doozy.
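A wrapper of the kind the two answers above describe, a single sudo-permitted script instead of an open-ended `sudo chown`, written here as an added example and not code from either answer. The sudoers line, the script name `handover` and the `owner_for_path`/`chown_target` functions are assumptions; the point is that the script resolves symlinks and refuses `..` so the command cannot be steered outside the two jails.

```shell
#!/bin/sh
# Added example (not from the original answers). Assumed sudoers entry:
#   user_super ALL=(root) NOPASSWD: /usr/local/bin/handover
# Usage: handover take|give /root/user_1/some/file
#   take  -> file becomes user_super:<jail owner>  (group kept, so the
#            jail owner can still read it if group permissions allow)
#   give  -> file goes back to <jail owner>:<jail owner>

ALLOWED_ROOTS="/root/user_1 /root/user_2"   # the two jails from the question

# Map a path to the jail owner it belongs to, purely by which jail holds it.
# Prints the owner and returns 0; returns 1 for traversal or a path outside both jails.
owner_for_path() {
    p=$1
    case $p in
        */../*|*/..|../*|..) return 1 ;;     # refuse any ".." component
    esac
    for root in $ALLOWED_ROOTS; do
        case $p in
            "$root"/*) printf '%s\n' "${root##*/}"; return 0 ;;
        esac
    done
    return 1
}

# Compute the user:group argument for chown for a given action and path.
# Returns 1 (prints nothing) for an unknown action or a disallowed path.
chown_target() {
    action=$1; path=$2
    owner=$(owner_for_path "$path") || return 1
    case $action in
        take) printf '%s:%s\n' user_super "$owner" ;;
        give) printf '%s:%s\n' "$owner" "$owner" ;;
        *)    return 1 ;;
    esac
}

# Entry point: only acts when called with an action and a path.
if [ "${1-}" ] && [ "${2-}" ]; then
    # Canonicalise first so a symlink inside a jail cannot point outside it.
    real=$(realpath -e -- "$2") || exit 1
    target=$(chown_target "$1" "$real") || { echo "refused: $1 $2" >&2; exit 1; }
    chown "$target" -- "$real"
fi
```

With the wrapper as the only sudo-permitted command, user_super never gets a general chown, and every accepted path is logged by sudo as usual.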
Set the group sticky bit (chmod g+s) on a directory, so that newly created files inherit the group ownership and group permissions. It will help in case you are dealing with Apache hosting and multiple ftp-users.
We circumvent this problem on our servers in apache vs. ftp-users by running apache with mod_itk and setting the vhosts to be run with ftp ownership permissions.