CentOS web files permissions for Apache and FTP

After more research it seems like another (possibly better way) to answer this would be to setup the www folder like so.

1. sudo usermod -a -G developer user1 (add each user to developer group)
2. sudo chgrp -R developer /var/www/site.com/ so that developers can work in there
3. sudo chmod -R 2774 /var/www/site.com/ so that only developers can create/edit files (other/world can read)
4. sudo chgrp -R www-data /var/www/site.com/uploads so that www-data (apache/nginx) can create uploads.

Since git runs as whatever user is calling it, then as long as the user is in the "developer" group they should be able to create folders, edit PHP files, and manage the git repository.

Note: In step (3): '2' in 2774 means to 'set Group ID' for the directory. This causes new files and sub directories created within it to inherit the group ID of the parent directory (instead of the primary group of the user) Reference: http://en.wikipedia.org/wiki/Setuid#setuid_and_setgid_on_directories

This is what groups are for.

You can add the ftp user to the apache group, and vice-versa. Or, even better, you could add them to a third group that you create specifically for this purpose.

e.g.

# groupadd mygroup
# useradd -G mygroup ftp
# useradd -G mygroup apache
# chown -R :mygroup /var/www
# chmod -R g+rw /var/www

Those commands do the following:

1. Creates new group 'mygroup'
2. Adds ftp user to mygroup
3. Adds apache user to mygroup
4. Recursively grants group ownership to contents of /var/www/ to mygroup
5. Recursively grants group read & write perms to contents of /var/www/

You just need to make sure that files added in the future belong to the 'mygroup' group and have the appropriate permissions for both apache and ftp to read/write them.