LAMP Stack permissions

Hey,

I've found a couple old threads that briefly mention permissions for LAMP stacks, but none have been a great guide (nor on the library). So far, I have built a LAMP server simply using one of the StackScripts (http://www.linode.com/stackscripts/view … riptID=939">http://www.linode.com/stackscripts/view/?StackScriptID=939). I figured using that was easier than using my own.

This is how I have the folders setup:

/var/www

/var/www/example.com

/var/www/example.com/public_html

/var/www/example.org

/var/www/example.org/public_html

I have a user (andrew) that I want to give access to /var/www for SFTP. So that user has full access to all the sites and everything within /var/www. I also want the www-data user or group to have access to those files so that I can do auto-updates through WordPress. What would be the best way to handle this?

I'm currently thinking of adding both the andrew and www-data users to a new group (such as filetransfer, as mentioned in http://library.linode.com/security/sftp-jails), and then chown'ing everything within /var/www (but not the folder www itself) to the group filetransfer. Would this be the best route? Should I also reset the home directory of andrew to /var/www?