What is the basic structure/set-up of a permissions management system?

I created a custom CMS, with CKEditor and CKFind. Sweet and simple, even if I say so myself. And I know how to set the write permissions on the editable files for the client (owner), with FileZilla. But how do I create a system to let the (Linux & PHP) system identify the owner? That owner is to edit the files with CK~ in his browser, not with a code editor like we use. Nor should he have to use an FTP upload program.

I’ve been googling for a couple of hours, but all I get is tutorials on the codes for the permissions (r-w-x, and the numeric codes). Nothing on the basic structure/set-up of a permissions/access management system for use ‘from the outside’, when the owner uses a browser.

Does anyone know a good tutorial on that, or can anyone explain the basics to me?

Not the most helpful, but I think you’ll have better luck searching for “role”, e.g.


Thanks for the response, Mittineague.

I guess the title of my question suggests that I was looking for a (semi-)automated system to create and delete owner and (members of) groups with special privileges. For which you provided some useful links. However, I was just in the dark about the general system to let the server identify/authenticate those with w permissions. I don’t mind creating such accounts entirely manually, because my clients are private persons and small to medium businesses at the most.

Fortunately, that ‘in the dark’ has changed to ‘in the twilight’, because I later realized that apart from the traditional PHP & members database system, which I wouldn’t know how to upgrade to a select w permissions system, there is such a thing as .htaccess-controlled access. And I found this tutorial, which already explains a number of matters.

I also realized later that in practice, there is no difference between owner and (members of) said groups, because no one will get x permissions anyway. But I still have a few questions, because this whole security thing is quite new to me:

  1. Am I right in thinking that under normal circumstances one is only assumed to be the owner if one approaches directories and files with an FTP program?
  2. Is there a PHP access/permissions method for this purpose after all, and if so, how would that be constructed?
  3. Would it be advisable to have PHP temporarily change the permissions on a file, and set them back to read-only after the editing by the client is done? Would that even be a must-do?
  4. Would the security experts here have other suggestions, or maybe tips if I were to use either .htaccess or PHP?
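
One way the PHP-side check asked about in questions 1 and 2 can be constructed, as an added example that is not part of the original thread: the r-w-x bits apply to the OS account PHP runs under, while the person in the browser is recognised by a login session with a role. The directory name, the `editor` role, the sample account and all function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example (PHP 8). EDITABLE_DIR, the 'editor' role and the sample account are assumptions.
// File permissions apply to the OS user PHP runs as; the browser user is identified by a session.
const EDITABLE_DIR = __DIR__ . '/content';

// Constructed sample account; a real site would load a stored hash from its database.
function findUser(string $name): ?array {
    $users = ['client' => ['hash' => password_hash('change-me', PASSWORD_DEFAULT), 'role' => 'editor']];
    return $users[$name] ?? null;
}

function login(string $name, string $password): bool {
    $user = findUser($name);
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    session_regenerate_id(true);                    // fresh session id after login
    $_SESSION['role'] = $user['role'];
    $_SESSION['csrf'] = bin2hex(random_bytes(32));  // token the edit form must send back
    return true;
}

// Map a submitted file name to an existing .html file inside EDITABLE_DIR, or null.
function resolveEditable(string $name): ?string {
    $base = realpath(EDITABLE_DIR);
    $path = realpath(EDITABLE_DIR . '/' . basename($name));
    if ($base === false || $path === false || !str_ends_with($path, '.html')) {
        return null;
    }
    return str_starts_with($path, $base . DIRECTORY_SEPARATOR) ? $path : null;
}

function saveContent(string $name, string $html, string $token): bool {
    $expected = $_SESSION['csrf'] ?? '';
    if (($_SESSION['role'] ?? '') !== 'editor' || $expected === '' || !hash_equals($expected, $token)) {
        return false;                               // not logged in as editor, or forged request
    }
    $path = resolveEditable($name);
    return $path !== null && file_put_contents($path, $html, LOCK_EX) !== false;
}

session_start();
if (isset($_POST['user'], $_POST['pass'])) {
    http_response_code(login((string) $_POST['user'], (string) $_POST['pass']) ? 200 : 401);
} elseif (isset($_POST['file'], $_POST['html'], $_POST['csrf'])) {
    $ok = saveContent((string) $_POST['file'], (string) $_POST['html'], (string) $_POST['csrf']);
    http_response_code($ok ? 200 : 403);
}
```

Only files under the assumed `content` directory need to be writable by the account PHP runs as; everything else on the site can stay read-only to it.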