On Sat, 2006-08-05 at 22:02 +0800, Deepak Shrestha wrote: > Thanks for all the suggestions but I am bit confused here. May be I > should have asked the question in different way. In general what I > wanted to know is, how the root will give permission to group of web > developers (supposing PHP developers) in "/var/www/html" directory so > that they can read/write/modify the contents. In formal words, what is > the best practices for this? Do web developers do their jobs in other > machine than the one which is hosting web, then root will pour the > content after the job is finished??? > > I am asking this because it is possible to directly edit the web > contents in windows machines (supposing using IIS, dreamweaver). > > In linux I guess the question is more on the ownership of ceratin > directory (who own what and how secure when its live in the web??) > > > >>You might consider checking out the UserDir directive in the httpd.conf > > >>file (disabled by default), which would enable your users to host pages > > >>(including PHP) in their ~/public_html directory and access them via > > >>http://server.name/~username/ > > >> > > >>That would avoid the need to open up /var/www/html. > > this option is ok but this is not what I exactly want. What if group > of developers are developing a main website instead of hosting their > personal pages from their home dierectory? Well this is a different issue really than what you originally posted about, which was that you were learning PHP. Two approaches you might consider would be: 1. Create a user account for your web data to be held under, change the ownership of /var/www/html to that user, and have your web designers use that account name and password when uploading their files from their windows machines to your web server. This is a fairly simple approach but it's difficult to tell who wrote which files. 2. Create a group account for your web data to be held under, and make each of your web designers' accounts a member of that group. Change the group ownership of /var/www/html to that group, and make it group writable. Make sure that whichever means you use to upload files to this area (e.g. FTP server) has an appropriate umask setting so that it writes files with the group write permission set. Each file uploaded will then be owned by the person that initially uploaded it, but can be overwritten by any other member of the group. Paul.
