User and Group settings for Apache httpd web server

Archive - Originally posted on "The Horse's Mouth" - 2008-04-22 23:27:03 - Graham Ellis

When you're running an Apache httpd web server, you should run it using a separate daemon user account and group set up for the purpose and not run it as either root (a horrific thing to do, as it would lead to all sorts of security holes) or nobody (another very bad idea, as the "nobody" applications can club together and become a somebody, as the Tsars discovered some 90 years ago).

Under Red Hat (Fedora) you'll find both user and group numbers 48 set up as "apache" and you should use them. Under SuSE the equivalent is "www" and "wwwrun". Simply put the names or numbers into the httpd.conf file under the User and Group directives. On other versions of *nix, you may need to set up the account yourself.
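A quick way to check which account a given httpd.conf will run the server under, and to flag the root and nobody cases described above. This is an added example, not part of the original post; the function names and the sample configuration are made up for illustration.

```shell
#!/bin/sh
# Added example: audit the User and Group directives of an httpd.conf.

# Print the last value given for a directive. Directive names are
# case-insensitive, and only lines whose first non-blank character is
# '#' are comments, so a numeric id written as "User #48" is kept.
directive_value() {
    awk -v want="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(want) { val = $2 }
        END { gsub(/"/, "", val); print val }
    ' "$1"
}

# "bad" for root or nobody (by name, or id 0), "unset" when missing.
classify_identity() {
    case "$1" in
        "")                       echo unset ;;
        root|"#0"|nobody|nogroup) echo bad ;;
        *)                        echo ok ;;
    esac
}

# Print one verdict per directive; return 0 only if both are dedicated.
audit_httpd_identity() {
    status=0
    for d in User Group; do
        v=$(directive_value "$1" "$d")
        verdict=$(classify_identity "$v")
        echo "$d=${v:-<none>} $verdict"
        [ "$verdict" = ok ] || status=1
    done
    return "$status"
}

# Constructed sample: the Red Hat values from the post, in numeric form.
sample=$(mktemp)
printf '%s\n' '# User root' 'ServerRoot "/etc/httpd"' \
    'User #48' 'group apache' > "$sample"
audit_httpd_identity "$sample" || echo "fix User/Group before deploying"
rm -f "$sample"
```

A missing directive is reported as unset and fails the audit, since the server would then fall back to whatever default it was built with.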

Once you have set up your web server in this way, you can create your developer/deployer's account, and have the web area owned by that developer/deployer and in the same group as the web server. Then use the user permissions to control what the developer can read and write, and the group permissions to control what the web server can read and write.