I use a home-rolled (mostly files-based) CMS I’ve been working on for a decade. As a developer I use ssh, bash, perl sed occasionally awk and php to make my sites work. I try to avoid mysql and use it only for forums and shopping carts. Not counting LOG files I have all files in my DOCUMENT_ROOT belong to me instead the apache process. I’ve never been hacked.
But a growing number of customers want to be able to upload images and short, newsy html fragments. Others want to be able to change the text on any and all pages. To allow editing with a files-based system I have to give file system write permission to the apache process. Which makes me nervous.
I’d like to figure out a way to make the entire DOCUMENT_ROOT read only in between short-lived editing sessions, and still have the file system belong to me instead of pseudo user apache.apache
I could see using an https form to invoke some compiled setuid C-code, that runs as me, that does a chmod -R on the document root. But maybe that’s a bad idea no matter what. Is there any other way to do this? Or do I have to: chown -R DOCUMENT_ROOT apache.apache? Perhaps that’s best. An https form would could chmod the file system just long enough to make edits. And then make it read only again.
What am I not thinking about?