Changing ownership of files to a group

I did not see a similar question when I searched so here goes.

I am new to Dreamhost, an have for the most part have been happy with the service. I have run into a bit of a problem that I am trying to resolve. I am developing a website for a church (I am a member with web experience not a paid developer.) There are a group of us that are going to be responsible for maintaining the site. I (being a paranoid network administrator by day) do not like shared passwords (and do like audit control of files) so I had the brilliant idea of changing ownership of all of the flles within the site to a group eg. Web_Admin. I could then assign FTP or shell users to this group to allow them access to all of the files within the site.

Will this work?

Will this screw something else up?

Any particular instruction on doing this in this environment so as not to blow up the site, or will standard Debian Linux commands work?

Won’t work very well; I wouldn’t recommend it. Here’s why:

[list]
[] Every file/directory in a UNIX system has exactly one owning user and group associated with it. You can’t assign ownership directly to a group; there’s always one user set as the owner.
[] Only the user owning a file/directory (the user that created it) can ever perform certain operations, such as changing its permissions or group. You cannot “give away” ownership of a file to another user at all.
[*] There is no way to enforce what permissions other users apply to files/directories they create. The default permissions on files typically end up only allowing the owning user to modify them.
[/list]

Trying to allow multiple users to modify files in the same directory without any sort of central management will typically end in tears (e.g, a mishmash of files, all with different owners and permissions, none of which can all be edited by a single user). As distasteful as it is from a security perspective, I’d strongly advise you to stick with a single FTP user. Alternatively, use a CMS such as WordPress, Joomla, or Drupal to manage your site contents.

Thanks that answers that. We are using Joomla for the development of the site, we just have audio files and the like that will need to be uploaded on a regular basis. I will look at creating a directory structure that the single user can get to without mucking up the remainder of the files.

Thank you for your help.

I’m currently using Drupal 7 for one of my project sites. I have the modules IMCE, Wysiwyg and IMCE Wysiwyg API bridge. With this I am able to assign people to roles that are able to upload to their own directories and it will also let you control how much space they are allowed to use. Something like that might be useful to you. I can’t really say if Joomla has anything similar as I have only installed it for people and don’t have a very extensive knowledge of the modules and such available for it.

Does Joomla not have some sort of native facility for uploading files? Surely that’d be easier to manage than a bunch of FTP users.

Joomla does have a way to upload files, I think it is easier to use an FTP client and be done. You would still be managing users, just in Joomla instead of the dashboard or shell. This is my first foray into Joomla and some stuff is pretty good and other things I am not overly enthused about. I still like FTP/SFTP for file transfers.

What made me think of my original solution is the Sudo group in ubuntu variants. That group has root access (after password prompt) while not being the root user. I guess I was hoping to get some functionality similar to that. A group of trusted users that could read and write to the file system without using a standard generic login. Probably I will end up with a single FTP account.