running PHP as nobody -- group

Hi There,

I'm working on development strategies for my server. I'm about to start a large company and need very specific access for employees. I have PHP running as "nobody" as far as whoami.

My goal is to have Linux users that are members of a group or groups; these kind of permissions will apply on public files, so the owner is the user, the group is any number of groups they belong to, and the file is world readable/executable.

However on sensitive files, want php to access but not other users except a few. The idea is to assign the owner of the file as a privileged persion, but the GROUP as nobody. and the file NOT world readable/executable.

This way, the privileged user and PHP alone can view or work with this file; noone else can.

The problem is, it's not working!! PHP can't access a file I've created. Here's the structure going down to this file...

1. folder: rbase set to rwxr-x---, the group=nobody and the user=rbase.

2. folder: rbase/systeam set to rwxr-x---, the group=nobody and the user=system (my SysAdmin Team)

3. file: config.php set to rwxr-x---, the group=nobody and the user=systeam.

I can log in as systeam and see this, but PHP cannot read this. Is it possible that the user "nobody" has not been assigned to the group "nobody"? And how can I tell?

The other issue is that if nobody isn't a member of group nobody, the chgrp manual says I can't do this while nobody has processes running (which he does). Do I need to shut down apache and PHP as well?

Thanks for your help, I really thought I had a handle on Linux permissions until I encountered this problem.

Sincerely,
Sam Fullman
Compass Point Media