I, personally, don't like to leave global read access on /var/www/html because of the likelihood that someone will drop a. One last issue is that your webserver will need to access these files as well. We can remedy this by setting the SETGID bit on the parent directory so new files will be grouped to webadmins by default: chmod g+s /var/www/html Inventory management: Allow users to enable/disable inventory data collection for Windows hosts in this account. Users must also have the following permissions: Reports and Alert Management. View inventory data : Allow users to view inventory reports. One issue that's common is if joe creates a file in /var/www/html it will, by default, be owned by joe and grouped to joe's default group. Allow users to create and manage groups of computers. Authors can change settings to allow Visual Basic macros to run when a document is opened and to allow AppleScript scripts to access information in the restricted document. Allow scripts to run in a restricted file. The -R will set the permissions on all existing files. Select More Options, and then select Allow people with Read permission to copy content.

Then you want to set the proper permissions to allow your webadmins to make changes: chown root:webadmins /var/www/html -R Let's assume you make a new group called webadmins: groupadd webadmins

Your solution is pretty close to what I'd recommend, but why do you specifically reference the wheel group? On many distributions the group wheel has full access to the sudo command granting then full root access to the system.