I'm exploring creating a Debian package for LORIS and its error-checking tool reports that we are using "non-standard permissions" (according to their standard at least).

These include permissions such as 775 and 664. Typically Linux permissions will be 755 and 644.

From what I can tell, this is because we've proceeded with installation by asking users to create a lorisadmin user and then our install script changes the group to www-data/apache2. This effectively allows the web-server user to do everything that the owner can do. (This is indicated by the fact that the first two permission digits match.)

A better approach to file permissions would be to have lorisadmin as both the owner and the group and add the web user (e.g. apache2) to the lorisadmin group.

This would allow us to use standard 755 and 644 permissions and also eliminate the need to change file permissions on certain directories during the install script.

See also: johnsaigle/loris-debian-package#1