There are lots of urban legends around the intricate complexities of setting up a web server so that more than just one person can work with it. In fact, there are lots of bad habits, unfortunately very well established, like the "make your files writable == chmod 777" rule, which are just plainly Very Bad Ideas, and are also consequences of not understanding how things work.
So how do things work?

The main goal is to be able to add and modify files in the web server, regardless of which user does it. And the solution is just a combination of appropriate permissions and groups:
- Identify which user is running Apache on your server. For example, on an Ubuntu machine it is usually www-data.
- Identify which users need to be able to read, write and delete files and directories inside the web root. For example, there could be a couple of users called foo and bar. Both need to be able to change files in the server, whether they were created first by them or not.
- Add foo and bar to the www-data group.
- To fix possible glitches with permissions, do this:
  - sudo chgrp -R www-data /var/www # change all the files' group to www-data
  - sudo chmod g+w -R /var/www # allow people in the group to write to the files
  - sudo chmod g+s -R /var/www # set the group id bit, so newly created files and folders inside the folders will inherit the group id of their container

Now, with this set up, everybody in the www-data group can modify stuff in /var/www, and newly created files will belong to the www-data group. And, of course, Apache will be able to read and modify those files, so all should work nicely.
The only problem you may find is that when new files are created or copied they don't get the write permission for their group. A solution could just be to do a chmod g+w right after creating them (that's what I'm doing currently); more advanced solutions involve modifying the mask (umask) applied to new files in the user's profile.
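
One way to check an existing web root against this setup, as an added example that is not part of the original post: the script reports world-writable entries (the chmod 777 habit), entries outside the shared group, entries missing group write, and directories missing the setgid bit. The function names audit_webroot and count_findings are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): audit a web root against the
# group-based setup described above. audit_webroot and count_findings are
# hypothetical helper names.
# Usage: sh audit.sh /var/www www-data

audit_webroot() {
    root=$1    # web root to inspect, e.g. /var/www
    group=$2   # shared group, e.g. www-data

    # World-writable entries: the result of the "chmod 777" habit.
    find "$root" ! -type l -perm -0002 \
        -exec printf 'world-writable: %s\n' {} \;

    # Entries that do not belong to the shared group.
    find "$root" ! -type l ! -group "$group" \
        -exec printf 'wrong-group: %s\n' {} \;

    # Entries the group cannot write, typically new files created
    # under a umask of 022.
    find "$root" ! -type l ! -perm -0020 \
        -exec printf 'no-group-write: %s\n' {} \;

    # Directories without the setgid bit: files created inside them
    # will not inherit the directory's group.
    find "$root" -type d ! -perm -2000 \
        -exec printf 'no-setgid-dir: %s\n' {} \;
}

# Print how many findings of one kind exist, so a cron job or a deploy
# script can gate on the number.
count_findings() {
    # $1 = root, $2 = group, $3 = finding label (e.g. world-writable)
    audit_webroot "$1" "$2" | grep -c "^$3:" || true
}

# Run the audit only when called with both arguments.
if [ "$#" -eq 2 ]; then
    audit_webroot "$1" "$2"
fi
```

Symbolic links are skipped because their own mode bits are not meaningful.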
Conclusion

As you see, this is a very easy process - it just requires a bit of attention to detail when setting up the server, and saves lots of headaches later. It is mostly useful for people with a dedicated server, or with an in-house machine, like the Ubuntu box we have, where we can modify permissions, ownerships, groups, etc., at will. If you are in a shared hosting solution, I hope your hosting sets up things properly, so you will be able to avoid most of the cases where you need to do a chmod 777 in order to have Apache writing stuff to folders that you, as a user, created. It is not that difficult, as you see!
Unfortunately, most of the time they set things up like this:
- apache is in its own group: apache
- user accounts are in their own group: foo
- stuff created by users, and the very folder for the user files, do not have the GID bit