suexec & directory permissions (ownership) problem

[raphidae]

I'm migrating from Apache, and I've hit a problem on the suexec configuration.


My directory layout is as follows:

/var/www/:

drwxrwxr-t 4 root user 512 Apr 2 11:15 www.example.com

/var/www/www.example.com/:

-rw-r--r-- 1 user user 0 May 10 2007 .htpasswd
drwxr-xr-x 2 root www 512 Apr 2 12:00 logs
drwxrwxr-t 8 root user 512 Mar 17 18:39 root

/var/www/www.example.com/root/:

drwxr-xr-x 2 root www 2560 Apr 2 06:00 stats


'user' has (chroot) access to '/var/www/www.example.com/' via FTP.

This setup accomplishes the following:

-'user' cannot delete/rename '/var/www/www.example.com/root'.

-'user' cannot delete/rename/change anything in '/var/www/www.example.com/root/stats/'

-'user' cannot delete/rename/change anything in '/var/www/www.example.com/logs/'

-'user' can write as usual in '/var/www/www.example.com/root' and view the logs etc.


Apache expects the docroot to be there, so it'd be a problem if an user deleted/renamed it, as with the logfiles. Scripts expect the /stats/ directory to be there. I do not trust 'user' to leave them alone or even know what he's doing.

My problems:

-LiteSpeed writes the logfiles as 'www', while Apache used to write them as root.
-suexec only offers the option to set the uid to that of the docroot. The docroot is owned by root, while the suexec uid needs to be 'user'.

Please advise on how to solve this in the best way.

Also, it seems that normally the docroot is owned by 'user', so I'm curious as to how others prevent customers deleting/renaming it.