The eternal 'how to allow user to edit www-data files' problem.

[Chris Green]

I have bumped up against this problem for many, many years and have
never found a really satisfactory solution.

I want user 'chris' to be able (easily) to edit files owned by user
www-data without affecting their use by apache2.

I have several (small, low traffic) web sites hosted on a virtual
server using apache2.  These web sites use dokuwiki and so the web
server must be able to write to the files as well as read them.  

I want an easy way for user 'chris' to be able to edit the dokuwiki
files directly (one of the major advantages of dokwiki is that the
files are simple text files) and I also run syncthing (as user
'chris') to synchronise some of the dokuwiki and other web files
across systems.

One can fix things temporarily by changing the permissions of the
files to allow writing by group and by adding user 'chris' to the
www-data group but this isn't a long-term solution because new files
created won't have the group write bit set and any files created by
user 'chris' won't be writeable by www-data.  I don't want to allow
www-data to write any/all chris' files as that would be a significant
security hole.

Obviously one can become user www-data (using sudo) before editing
files, or one can edit them as root and use chown to set them to
www-data ownership but these are rather clumsy and easily forgotten.


Does anyone know of a neat solution to this problem?

-- 
Chris Green