Apache vs User file owner

Question

(UNIX/LINUX)

Usually on a local Development Environment we fight with permission, this is really annoying things because sometime what we think is a code bug is just a file not accessible to apache.

The main problem is that some files are created by Apache ( so the web app ) other are created by the developers ( IDE or Editor )

The solution that I use it to add my user to apache group:

-sudo usermod -a -G www-data <username> -sudo chgrp -R www-data /var/www

The issue is that when I create a new file with my IDE the files have [my user]/[my user] as owner and sometime apache is not able to read these files ( depending on the permission s flags) So I'm forced to re-execute sudo chgrp -R www-data /var/www

Any solution to avoid this ?

Answer 1

I have found this question: that ask for something different but the answer looks to be a solution, here what they say (KahWee Teng):

You add yourself into the group with:

sudo usermod -a -G www-data <username>

Change the group to www-data just in case you haven't:

sudo chgrp -R www-data /var/www

Get new files to inherit the permissions (775) (sticky bit)

sudo chmod -R 2775 /var/www

The key is this last step (2775)

Answer 2

Three main solutions

Set User ID / Set Group ID

sudo chmod -R 2750 www-data /path

Use apache ITK with AssignUserId (privilege seperation)

<IfModule itk.c>
  AssignUserId www-data www-data
</IfModule>

Add apache to your IDE group (not recommend)

Side Note

Set User Id could be potentially dangerous as users (apache, so nearly the all world) can gain extra privileges by using files that grant them different (enanched) privileges, so you have perfectly to know what are you doing