Setting up multiple user write permission to WWW directory
addgroup www-admin
adduser joe
adduser joe www-admin
setfacl -R -m g:www-admin:rwx /var/www
setfacl -R -d -m g:www-admin:rwx /var/www
chmod -R g+s /var/www
Explanation:
- Create group www-admin
- Create user joe (example)
- Add user joe to group www-admin
- Give members of www-admin rwx access to the web directory (/var/www)
- Set rwx access for www-admin to be a default permission for future files and directories inside /var/www
- Set the setgid flag on /var/www and its subdirectories so that future files and directories inside it inherit the group ownership (usually www-data), thereby remaining accessible to the web server.
If we don't do this last step, any files created by joe inside /var/www would be owned by user joe and group joe, and the web server would be unable to read them.
Note: this also sets the setgid bit on files, which can have side effects for executable files. It may be better to apply it to directories only, using find:
find /var/www -type d -exec chmod g+s {} +
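To check a tree where the recursive chmod has already been run, the following added example (not part of the original note) reports regular files that carry the setgid bit and directories that lack it, and can repair both. The function names audit_setgid and fix_setgid are hypothetical; the default path /var/www follows the note above.

```shell
#!/bin/sh
# Added example: audit and repair setgid placement under a shared web root.
# Function names are hypothetical; /var/www is the path used on this page.

# Print one finding per line. Returns 1 if anything was found, 0 if clean.
audit_setgid() {
    root=${1:-/var/www}
    findings=$(
        # Regular files with setgid set (the side effect of chmod -R g+s).
        find "$root" -type f -perm -2000 -print | sed 's/^/FILE_SETGID /'
        # Directories without setgid: files created there keep the creator's
        # own group instead of inheriting the directory's group.
        find "$root" -type d ! -perm -2000 -print | sed 's/^/DIR_NO_SETGID /'
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Clear setgid from regular files and set it on every directory.
fix_setgid() {
    root=${1:-/var/www}
    find "$root" -type f -perm -2000 -exec chmod g-s {} +
    find "$root" -type d ! -perm -2000 -exec chmod g+s {} +
}
```

Run audit_setgid /var/www first and review the list before calling fix_setgid, since clearing the bit changes how any setgid executables in the tree run.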