So to conform to some measure of security, how do I solve this problem?
I want a camera logger program on RPI to generate images at adjustable intervals. I want web clients to view latest snapshots and modify camera logger config file via a form to invoke web server cgi calls. There are three users, root that runs my camera logger at boot up as a daemon, www-data, that interacts with cgi program, camera logger config file and reads images, and pi that owns the executable, the config file and the images, because I have not been able to boot the daemon, possibly the daemon boots too soon and TTL USB adapter driver is not in place so the daemon can't find any camera on TTL USB adapters so it quits. I have to log on to pi and start it.
I have not learned web authentication yet so the web interface is open to anyone that knows the address, which is ok for now.
So should I simply put www-data in pi group or do other stuff such as giving ownership of some files such as the cgi program to www-data. I can't give ownership of image files to www-data since it will eventually generated by root from the daemon but they are all generated with umask(0) and access 0666.
I really appreciate your inputs. I'm finding these stuff thick. I have every component working, the camera_logger, the cgi hello world, and the web server.
As for unix is best speech, say that to all politically correct root users. They have too much power and no way of tracking what they are doing. I very much despise the very concept of unix root user as a god, making changes and assigning files to others without a trace or the users knowing their files have been compromised. Windows at least has a mechanism to warn users if a god has taken possession of their files. Tell me how to do that in unix and I will shut up.
Arduino data loggers, user interface, printed circuit board designer since 2009, RPI 3B 2B 2B Zero Jessie, assembly/C/C++/java/python programmer since the 80's