[lug] apache vhost / php perms
Hugh Brown
hugh at math.byu.edu
Wed Apr 16 21:28:33 MDT 2008
George Sexton wrote:
> SetGID applied to a directory makes any new directories or files created
> in that directory set to the group of the parent directory.
>
> I don't think it's any particular security issue since it's applied to
> the directory, and the only effect is to make any files or directories
> owned by the group.
>
I've done something similar and found that I had to write a cron script
that would fix the group permissions and make sure that group had
read/execute where appropriate.
As a test, I just did:
mkdir foo
chgrp group2 foo
chmod g+s foo
cd foo
rsync -av remote:s* .
ls -l at the foo level had group2 but everything below that level had
group1 (which is the default group for the user).
So, if all of the vhosts share the same parent, you can set a cron
script to run and do:
chgrp -R apache /vhost/parentdir
find /vhost/parentdir -type d -exec chmod g+s {} \;
Hugh
More information about the LUG
mailing list