Set owner:group and 770 chmod to apache2 created files
https://stackoverflow.com/questions/12826731
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I would like configure apache to create files with personalized owner:group and chmod. I have an folder of website who need to be manipulated by apache + (ftp) user.
Actually i do an (where 'mygroup' is group of ftp users)
chown www-data:mygroup -R /my/website/files
chmod 770 -R /my/website/files
But when apache2 manipulate files and create files or folders, they have
-rw-r--r-- 1 www-data www-data
Any idea for configure apache2 ?
Edit: Debian 6
Solution
There is no real good way to do this AFAIK. Stock version of Apache doesn't have a mechanism to spawn workers under different users per request. All of its workers operate under the user and therefore can't write files as another.
That being said, there are some ways around this.
The first way will require you to run Apache as root. Apache, as it sits on your server, is running under an unprivileged user. Unprivileged users can't change the user that they run under. Only processes run as root can do that. If you are willing to run your Apache as root, there is a multi-process mod available here. What it does is allow you to run each VHOST under a different user (defined in your config). That means you would now also need to set up each user with their own VHOST. This way would work, but you are sacrificing a bit of security by doing this.
The second, more secure, but more "hacky" way to do it would be to run completely new and individual version of Apache for each user. So you have an Apache with its own set of config files JUST for userA, another Apache with its own different and separate set of configs just for userB, etc. Each instance of Apache could listen on a different port (i.e. userA's listens on port 8080, userB on port 8081...). Then you could use some kind of front end reverse proxy to sort it all out and route the traffic to the appropriate Apache instance.
OTHER TIPS
Looks like you are working under openSUSE or SLES.
If so, take a look at the file /etc/apache2/uid.conf...
For the umask: not sure actually. What certainly works is to create a .profile file under the apache users home directory and set the umask in there. But I bet there is a more elegant solution!
