Should I add a user to the apache group

Question

I have a wordpress website that has multiple developers trying to access it and they want to use the built-in theme editor. the theme editor requires write access for the apache group.

I'm trying to figure out how to do this and I was thinking about adding all the users the the apache group? Is that a bad idea? is it unsecure?

Each user has to log in with their user account via sftp. They each must be able to write to the files. It would be fine to make a group for them, since they use the theme editor, the group needs to belong to apache.

According to the Wordpress codex, the theme folder is made to be fully writable, but I just don't feel comfortable with that. I would rather keep user and group permissions for access

Answer 1

Secure way would be to add separate group for that wp site, and add all needed users to that group. To make web editor work, you can just add apache itself to said group as well, or (better, but more complex to set up) use suexec to run your wp as separate user, therefore separating it from other sites and the system.