Is adding users to the group www-data safe on Debian?

Posted by John on Server Fault See other posts from Server Fault or by John
Published on 2010-07-26T11:32:33Z Indexed on 2014/06/08 21:28 UTC
Read the original article Hit count: 260

Filed under:
|
|
|
|

Many PHP applications do self-configuration and self-updating. This requires apache to have write access to the PHP files. While chgrp'ing them all to www-data appears like a good practice to avoid making them world writable, I also wish to allow users to create new files and edit existing one.

Is adding users to the group www-data safe on Debian? For example:

775 root www-data /var/www
644 john www-data /var/www/johns_php_application.php
660 john www-data /var/www/johns_php_applications_configuration_file

© Server Fault or respective owner

Related posts about apache-2.2

Related posts about php