[BlueOnyx:12949] Re: adding a service account to a group

David Thacker David at ThackerNet.com
Thu May 2 09:24:11 -05 2013


>> So we have a developer that created an application that uses the
>> Webserver to write files to some specific folders.   Their application
>> creates the folders with the permissions as 755.  The folders are
>> created with the user nobody, and the group site1.  I manually changed
>> the permissions on the folders as 775, and added the user apache to the
>> site1 group in /etc/groups.
>>
>> Is there a way with BlueOnyx to leave apache as a member of the site1
>> group?  Or to make and keep the directory owner as Apache when the
>> application creates new folders?
>>
>> Or is there a better way to do this?
>
> Yes, there are better ways to do this.
>
> Please take a look at this page:
>
> http://www.blueonyx.it/index.php?page=suphp
>
> When you enable suPHP for a site, you also select one user who owns all
> files and folders of your Vsites web tree. The PHP scripts of that site
> will then also be executed with the UID and GID of that suPHP user. So
> files and folders created by scripts will also directly be owned by him
> and will have the right ownerships.
>
> That way you avoid tearing security holes into your server such as
> adding user "apache" to the site group.
>
> -- 
> With best regards
> Michael Stauber

Drew,

For some added info that is somewhat related, look back to this thread 
"Need CGI script to execute command as root" I started Sept 27 2012 at msg 
11439 and be sure to read the conclusion in msg 11536 on Oct 15 2012. My 
implementation works perfectly, keeping the file ownerships intact the way 
they should be. Not exactly what you are doing but should offer your 
developer some ideas.

Regards,

dAvid tHacker                                  Email: David at ThackerNet.com
Thacker Network Technologies Inc.                http://www.ThackerNet.com
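
An added example, not part of the original thread and not BlueOnyx code: a check for the condition the quoted reply warns about, a web-server service account listed as a member of a per-site group. The `siteN` pattern (generalized from `site1`), the default account list, and the sample group entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit a group(5) file for service accounts that were added as supplementary
# members of per-site groups (site1, site2, ...).
# Assumptions: groups are named "site<number>"; the accounts to watch default
# to apache and nobody. Primary-group membership (the GID field in
# /etc/passwd) is not covered by this check.

# Usage: audit_site_groups [GROUP_FILE|-] [comma,separated,accounts]
# Prints one "group:account" line per finding; returns 1 if any were found.
audit_site_groups() {
    group_file=${1:-/etc/group}
    accounts=${2:-apache,nobody}
    awk -F: -v accounts="$accounts" '
        BEGIN {
            n = split(accounts, a, ",")
            for (i = 1; i <= n; i++) watched[a[i]] = 1
        }
        /^[ \t]*#/ || NF < 4 { next }          # skip comments, short lines
        $1 ~ /^site[0-9]+$/ {
            m = split($4, members, ",")        # 4th field: member list
            for (i = 1; i <= m; i++) {
                user = members[i]
                gsub(/^[ \t]+|[ \t]+$/, "", user)
                if (user in watched) { print $1 ":" user; found = 1 }
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$group_file"
}

# Constructed sample data (not taken from any real server).
sample_group() {
    cat <<'EOF'
root:x:0:
apache:x:48:
nobody:x:99:
site1:x:1001:admin,apache
site2:x:1002:admin
users:x:100:apache
EOF
}

# Demo run against the constructed sample; "-" makes awk read stdin.
sample_group | audit_site_groups - || echo "service account found in a site group (listed above)"
```

Run without arguments, it reads `/etc/group`; the non-zero return on findings makes it usable from a cron job or configuration check.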



