Permissions question


johnmont
2004-11-10, 10:50 AM
This is probably a fairly basic question regarding permissions, and there are probably better places to ask online, but I'll give it a shot....

On my site, I have the facility to allow file uploads (http-based) for only selected, approved users. Generally, a folder is created by the server and the files are uploaded within this folder.

Also, the domainuser has ftp access to the upload folder and I want the web server to be able to add folders, overwrite the files or add files to the folder.

The problem is, I want the files that are uploaded via http to be accessible by the normal plesk web user and vice versa. So files uploaded via ftp are

user: domainuser
group: psacln

And those via the web are:

user: apache
group: apache

So one user can't change the other user's items... I've figured a few workarounds using php to chmod, but you can't do a chown or chgrp. I've changed the default umask to be 002 (I understand the implications of that) and then changed the httpd process to run as user apache, group psacln -- at least then I'd be covered under group access. But this is not the best thing to do if I start adding virtual hosts, etc. Also, certain apps such as mailman are required to be running as apache and not psacln.

The bottom line....the domain user and apache user need to be able to change/access files uploaded by each other.

Any pointers to tutorials dealing with this? Any suggestions or personal experiences?

QT
2004-11-10, 11:17 AM
If you set the directory to mode 2775 it will automatically change the group to psacln for any file you create in that directory (the directory, not the files). Since the group is changed to psacln, anyone in that group will have write permissions to those files.


You definitely do not want to mess with the user/group that apache runs as and you won't be able to execute any CGI scripts in those directories because of the group writable permissions.

johnmont
2004-11-10, 12:26 PM
Thanks so much for the info -- that helps a lot. I always ignore that first number in chmod. :-) So that works for files uploaded via apache. domainuser can now access the files/folder without problem.

The second part of the problem is that folders created via ftp as domainuser cannot be written to by the apache user. Basically, a user creates a folder and uploads an image file into the folder. When a web page which has a link to this file is loaded, a check is done to see if a thumbnail exists for display. If not, a thumbnail is generated and that is displayed in the browser. However, since apache is not part of the same group, the files cannot be written into this directory, since for others it is read only.

Thanks again....

Tino Didriksen
2004-11-10, 13:25 PM
Then make the apache user part of the group.

The httpd may be running as primary user apache with primary group apache, but the apache user can have secondary groups assigned that it can then access.

(note the distinction between 'Apache HTTPd' and the Linux user 'apache')
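
The scheme discussed in this thread (setgid directories at mode 2775, a umask of 002, and a shared group) can be checked and repaired across an existing upload tree with a short script. This is an added example, not code from any of the posters; the function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and the demo tree are hypothetical.
# Group membership is granted separately by root, for example:
#   usermod -a -G psacln apache    (then restart httpd so it picks up the group)

# List every entry under $1 that breaks the shared-group scheme:
#   no-setgid       directory whose new files will not inherit its group
#   no-group-write  file or directory the other group member cannot modify
audit_shared_tree() {
    find "$1" -type d ! -perm -2000 -print | sed 's/^/no-setgid /'
    find "$1" \( -type d -o -type f \) ! -perm -020 -print |
        sed 's/^/no-group-write /'
}

# Repair the tree: $1 = upload root, $2 = shared group (optional, since
# chgrp needs root or membership in the target group).
fix_shared_tree() {
    if [ -n "${2:-}" ]; then
        chgrp -R "$2" "$1"
    fi
    find "$1" -type d -exec chmod 2775 {} +
    find "$1" -type f -exec chmod g+w {} +
}

# Constructed sample tree reproducing both halves of the problem.
make_demo_tree() {
    root=$(mktemp -d)
    mkdir "$root/uploads"
    chmod 2775 "$root/uploads"            # setgid + group write on the root
    (
        umask 022                         # typical FTP-side default
        mkdir "$root/uploads/ftpdir"
        : > "$root/uploads/ftpdir/a.jpg"  # created 0644: no group write
    )
    # Simulate a folder that predates the setgid change.
    chmod g-s "$root/uploads/ftpdir"
    (
        umask 002                         # web-side umask from the thread
        : > "$root/uploads/web.jpg"       # created 0664: group writable
    )
    echo "$root/uploads"
}
```

Running `audit_shared_tree` on the demo tree flags `ftpdir` and `a.jpg` but not `web.jpg`, which shows that the umask on the writing side matters as much as the setgid bit on the directory.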