We've just upgraded our server to the latest version of Debian, and we've lost permissions that allow our proprietary content manager to work.
So that we can maintain just a single copy of the CMS on the server for all domains, it's located in /usr/share/ourcms.
All of the files in this folder are owned by root : ourgroup.
In the html folder of each domain, we have index.php that's supposed to load usr/share/ourcms/includes/index.inc.php.
All of the files in each domain are owned by ouruser : ourgroup.
The intention is as follows;
index.php can ONLY access usr/share/ourcms/includes/index.inc.php.
Any file in /usr/share/ourcms can access any file in any domain... that is, any file in its group. For example, it can check the size of an image, or it can upload images to a folder within that domain.
No php file, other than index.php (see above) can access any file or folder in usr/share/ourcms.
It all worked before the upgrade. Now it doesn't, and to temporarily restore functionality we've had to set ownership of all of the files and folders in usr/share/ourcms/ to ouruser : ourgroup, which makes those files accessible to any script a user might place in their domain folder.
Can anyone suggest how I might configure the server to achieve the above,
Perhaps getting rid of index.php in the domain folder and placing it directly in the /usr/share/ourcms might work, in which case, can anyone suggest how I can do that?
Note: The original programmer who set it all up for us in uncontactable at this time. Pity.