[ubuntu] Locking down /var/www properly

view story

http://ubuntuforums.org – It seems to me that there are as many ways to do this as there are sysadmins out there. This is what I came up with. Security of /var/www is left as-is. Security of the directories and subdirectories under /var/www have the following perm/user/group: drwxrws--- martijn www Security of files in those directories (recursive) is: -rw-rw---- martijn www martijn is the owner. www is the group. www-data is member of www. I need my websites to be writable by themselves. Please don't dive into this, this is just the way I need it. For this requirement, the security seems quite alrigh (Hardware)