Thanks for the response, Mittineague.
I guess the title of my question suggests that I was looking for a (semi-)automated system to create and delete owner and (members of) groups with special privileges. For which you provided some useful links. However, I was just in the dark about the general system to let the server identify/authenticate those with w permissions. I don't mind creating such accounts entirely manually, because my clients are private persons and small to medium businesses at the most.
Fortunately, that 'in the dark' has changed to 'in the twilight', because I later realized that apart from the traditional PHP & members database system, of which I wouldn't know how to upgrade that to a select w permissions system, there is such a thing as .htaccess-controlled access. And I found this tutorial, which already explains a number of matters.
I also realized later that in practice, there is no difference between owner and (members of) said groups, because no one will get x permissions anyway. But I still have a few questions, because this whole security thing is quite new to me:
- Am I right in thinking that under normal circumstances one is only assumed to be the owner if one approaches directories and files with an FTP program?
- Is there a PHP access/permissions method for this purpose after all, and if so, how would that be constructed?
- Would it be advisable to have PHP temporarily change the permissions on a file, and set them back to read-only after the editing by the client is done? Would that even be a must-do?
- Would the security experts here have other suggestions, or maybe tips if I would use either .htaccess or PHP?