joined:Aug 30, 2017
I'm a total newbie so please forgive my ignorance in this question.
My company has a windows data server where each department has it's own private folder which cannot be accessed by other
We use 'Active Directory' and each user has their own AD account. We then set up 'security groups' and grant them access to the
We have now set up an apache web server to host an intranet system and I want to be able to create a new folder on the windows
data server which will hold employee photos and this will be maintained by one specific department.
I want the web server to be able to access that same folder to display the photos on the intranet, however, I don't want any
other departments to access the photos directly ( in case people decide to do some imaginative photo shopping on individual photos ) and I don't want to give the web server access to any other department folders.
I read that if I created a new Active Directory Account and somehow allocated it to the web server ( so that the web server is
treated as a person ) then I can arrange for a new 'security group' to be created containing this new AD account and all the
accounts of the users in the department that will maintain the photos. I can then grant access to the 'photo folder' to this new
If this is the case, could you let me know how I allocate the AD user name to the web server ? I've seen that the config file has
a section for user & group but I don't know if this is used for the purpose I'm hoping to use it for. If it is, then is it a case
of just exchanging the current values ( currently both user & group are set as 'daemon' ) to the new user AD account and security
group ? and do I need to include the AD account password ?
Or is there an easier or better way to obtain what I'm trying to achieve ?