I have an Apache permissions puzzle and I am hoping someone will have some ideas. The scenario is this:
On a small Linux, Apache, PHP based e-commerce web site, there is the e-commerce site, which has a directory for images that holds thumbnails and full size pictures of the products for sale. It is necessary for the web-browser (user to be able to read the files and execute on the directory for site operation. Normally, I would make the files owned by root and readable by others for this purpose.
There is also a separate administration page, written in PHP, that operates on this same server. The administration page is on an HTTPS and requires certificate authentication to use it. The administration page, when browsed on a remote machine, allows you to point to an image to assign to a product and it automatically places the scaled images in the product directory. In order to do this, Apache must have write permissions to this directory.
Currently, I have the directory owned as root: and have allowed group write permission. This enables the administrative site to function, which writes the files and sets them owned as I am (rightfully ?) concerned about leaving a directory with generalized Apache write permissions. Is there a way to allow only the administrative page/application/script write access to this directory to perform maintenance functions while restricting the permission from everyone else?
On a small Linux, Apache, PHP based e-commerce web site, there is the e-commerce site, which has a directory for images that holds thumbnails and full size pictures of the products for sale. It is necessary for the web-browser (user to be able to read the files and execute on the directory for site operation. Normally, I would make the files owned by root and readable by others for this purpose.
There is also a separate administration page, written in PHP, that operates on this same server. The administration page is on an HTTPS and requires certificate authentication to use it. The administration page, when browsed on a remote machine, allows you to point to an image to assign to a product and it automatically places the scaled images in the product directory. In order to do this, Apache must have write permissions to this directory.
Currently, I have the directory owned as root: and have allowed group write permission. This enables the administrative site to function, which writes the files and sets them owned as I am (rightfully ?) concerned about leaving a directory with generalized Apache write permissions. Is there a way to allow only the administrative page/application/script write access to this directory to perform maintenance functions while restricting the permission from everyone else?