Attempting to expand on @Zoredache's answer, as I give this a go myself:
Create a new group (www-pub) and add the users to that group
groupadd www-pub
usermod -a -G www-pub usera
## must use -a to append to existing groups
usermod -a -G www-pub userb
groups usera
## display groups for user
Change the ownership of everything under /var/www to root:www-pub
chown -R root:www-pub /var/www
## -R for recursive
Change the permissions of all the folders to 2775
chmod 2775 /var/www
## 2=set group id, 7=rwx for owner (root), 7=rwx for group (www-pub), 5=rx for world (including apache www-data user)
Set group ID (SETGID) bit (2) causes the group (www-pub) to be copied to all new files/folders created in that folder. Other options are SETUID (4) to copy the user id, and STICKY (1) which I think lets only the owner delete files.
There's a -R
recursive option, but that won't discriminate between files and folders, so you have to use find, like so:
find /var/www -type d -exec chmod 2775 {} +
Change all the files to 0664
find /var/www -type f -exec chmod 0664 {} +
Change the umask for your users to 0002
The umask controls the default file creation permissions, 0002 means files will have 664 and directories 775. Setting this (by editing the umask
line at the bottom of /etc/profile
in my case) means files created by one user will be writable by other users in the www-group without needing to chmod
them.
Test all this by creating a file and directory and verifying the owner, group and permissions with ls -l
.
Note: You'll need to logout/in for changes to your groups to take effect!
Like anything in business, this comes down to requirements and cost-effectiveness. It depends(tm).
Here we go again! >smile< You'll end up with religious arguments in this post, if it goes the way that most of the posts about backup have on Server Fault.
You'll have the curmudgenly old guys like me who still generally recommend tape versus the trendy young guys who want to use disks like they were tape cartridges. Someone will bring up long-term retention and the longevity of tape, and someone else will chime in about how they have some IDE hard drives from 1992 that still work great.
After that, someone will mention the cost of tape media being less, per GB, than hard disk drives. Someone else will point to a weekly NewEgg special on 1TB hard disk drives and say that tape is more expensive. Someone else will factor in the cost of the tape drive and calculate the "break even" point for tape.
(No one usually argues for optical media, but I suppose there's a chance someone might.)
Personally, I wouldn't trust disks for long term archiving. You could use disks like tape cartridges (that Dell RD1000 that Russ Warren mentons is just 2.5" SATA drives inside a plastic enclosure that makes them seem "tape like" and, no doubt, is built to withstand some abuse), but you should think about the cost per media and the conditions in storage and transport.
Edit:
I've done a little spreadsheet (available at http://mx02.wellbury.com/misc/20090713-Server_Fault_Backup_Roundup.xls) that compares the following (with their calculated 1st year cost including drives):
- eSATA (500GB drives) - $1,300.00
- eSATA (1TB drives) - $1,950.00
- LTO-4 (internal drive, 1 tape / day) - $2,766.00
- LTO-4 (autoloader, 1 tape / day) - $4,566.00
- LTO-4 (autoloader, 2 tapes / day) - $5,632.00
- Dell RD1000 (1 500GB cartridge / day) - $16,224.00
- Dell RD1000 (2 500GB cartridges / day) - $31,199.00
I assumed a 5 day / week, 5 week rotation (35 days until a tape comes back around), running "full" backups with compression every day. I included the 500GB eSATA and RD1000 drives even though it was unclear if they'd actually hold the backup corpus or not.
I didn't factor in any kind of eSATA enclosures into my pricing. Realistically, there would need to be something surrounding the disks, but that's so subjective that I decided not to even bother. Handling those disks "bare" is asking for static electricity-induced damage to the circuit boards.
It's unclear what to say for a media replacement strategy. The SATA drives are warranted for 3 years (Hitachi), but I don't how they'd hold up to this kind of use. The LTO-4 tapes are lifetime warranted and typically good for 200 - 250 full passes (which would be over 19 years of use in this scenario). I have no idea what to say about media replacement on the RD1000's.
Those little 500GB 2.5" SATA drives in plastic boxes (aka RD1000 cartridges) at $599.00 ea. from Dell are a bit pricey, especially comapred to $50.00 500GB SATA drives or $41.00 LTO-4 tapes!
Best Answer
I'd probably say rsync with your Amazon S3, but keep in mind that its 30gb, so bandwidth costs will be high (if you pay 95%) and it'll take a long time to get your initial push up there. Once your data is up there just keep the files rsynced nightly / weekly / whatever your preference is.
however, Thats ONLY the backup side, dont forget about recovery. I'd purchase a second server in a second datacenter, have similar builds, and rsync the changes nightly.