Security question, with users and groups

OK, I had an idea so that only users can see and open their own files, and list their own files, AND apache can also read the files.

Would this work?

Create a group called apache.

Set apache to run as the group apache.

Now, set all the directories of the sites on the server to be owned by the user who owns them, but change the group of everyone's directories to apache.

Then set up so that the user the file belongs to can read, write and list, and also the group can read and list, and other has nothing.

Now, set up the dirs so that when a file is uploaded via FTP, it inherits the folder's permissions, and changes from the group that the user who uploaded it belongs to, to the group apache.

That way, any other users on the system can't even list anyone else's files, correct? But apache can, because it runs as group apache, and the users who the files belong to can, cos they have ownership of the files?

Am I right, or completely wrong? Thanks
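
The scheme described in the post, as an added example that is not part of the original post: a shell audit that checks a site tree for owner rwx, group r-x, nothing for other, and setgid directories. The function names and the sample tree are assumptions. Setgid makes uploads inherit the directory's group only; the mode bits of an uploaded file come from the FTP server's umask.

```shell
#!/bin/sh
# Added example: audit a site tree against the owner/group/other scheme.
# Expected layout: directories 2750 (rwx r-x --- plus setgid), files 0640,
# everything in the group the web server runs as.

audit_site() {
    root=$1    # site directory to check
    grp=$2     # web server's group (name or numeric gid)
    bad=$(
        # Any permission bit for "other" defeats the isolation between users.
        find "$root" \( -perm -001 -o -perm -002 -o -perm -004 \) \
            -exec echo other-access {} \;
        # Not in the web server's group: the server cannot read it.
        find "$root" ! -group "$grp" -exec echo wrong-group {} \;
        # Directory without setgid: new files keep the uploader's own group.
        find "$root" -type d ! -perm -2000 -exec echo no-setgid {} \;
        # The group needs r-x on directories and r on files to serve them.
        find "$root" -type d \( ! -perm -040 -o ! -perm -010 \) \
            -exec echo group-cannot-list {} \;
        find "$root" -type f ! -perm -040 -exec echo group-cannot-read {} \;
    )
    if [ -z "$bad" ]; then
        return 0
    fi
    printf '%s\n' "$bad"
    return 1
}

# Constructed sample tree in a temp dir. The caller's own group stands in
# for "apache" so the example runs without root.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/site/img"
    echo hello > "$d/site/index.html"
    echo pic > "$d/site/img/a.txt"
    chgrp -R "$(id -g)" "$d/site"
    find "$d/site" -type d -exec chmod 2750 {} \;
    find "$d/site" -type f -exec chmod 0640 {} \;
    echo "$d/site"
}
```

Run `audit_site /path/to/site apache` as root on the real tree; it prints one line per violation and returns non-zero if any are found.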
