App server permissions/configuration question

Hello,

We have several personnel that update and work on our DaDaBik apps. They have admin rights in the app but they also need the ability to edit files directly on the server sometimes. We are running Apache on a Linux server.

On our server we would like them to be able to access the /srv/www/htdocs/appname/include/ folder and some folders under there like the custom_php_files folder where they maintain their own scripts.

Currently the entire server tree as well as the include folder are only accessible by the Apache user and www group (700 permissions).
We do not want to grant those users root or Apache permissions. How would you recommend adjusting access to the files and folders so they can get to the custom_php_files folder but not have the parent include folder be unnecessarily vulnerable?

Do you typically add users to the apache group or is it better to add world execute permissions on the include folder? I would like to know what the best practice is.

Thanks,

-Todd


License Details:

You are using DaDaBIK version 10.2-Manarola enterprise, installed on 09-02-2020 (installation code: 158915f4f29e1eb7f6), the latest version of DaDaBIK is

There are problems with the Internet connection, we cannot check if there are upgrades available.

System info
PHP Version: 7.2.5

mysql version: 5.5.5-10.2.31-MariaDB

Web server: Apache

Client: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36



We are also using and upgrading our apps to DaDaBik 11.0 and 11.1 but this question applies to all 3 cases.
 
Top