I am user 'somebody'. I have a typical "Web blob" website ecosystem (essentially an FS sub-tree starting at Apache's typical "htdocs" directory).
Its files are owned by 'root', and grouped to 'daemon', for Apache to read and/or execute, while 'root' can also write to them (they live in '/opt', typically populated by scripts or "installers" invoked as super).
As 'somebody', I want to create a git repo right there (in "htdocs"), to track configuration changes, etc., but I don't wanna run 'git' as super (I try to avoid running stuff as super where possible). I don't want to chown/chgrp the files to my username, because arbitrary users shouldn't be mucking about in '/opt/...', right?
So I thought -- why don't I add myself to 'daemon' group, and enable group-write on the files? Isn't that a bit cleaner? But maybe it's not wise to make a regular user part of 'daemon' group, or maybe it's not wise to make 'daemon'-grouped files writable -- I just don't yet know why.
Is there a recommended way to give 'somebody' write access to things that live in '/opt', owned by 'root', and keep them read-only for stuff like Apache in daemon mode, without resorting to ACLs? I don't think so, but I am not a smart man. :-D
(This question is related, but didn't really clear it up for me: User Permissions: Daemon and User.)