You could use ACL. To set up ACL for Ubuntu 10.10, first mount the file systems with the acl option in /etc/fstab.
sudo vim /etc/fstab
UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx / ext4 defaults,acl 0 1
sudo mount -o remount,acl /
Then make a group to which a user may belong for this purpose.
sudo groupadd developers
sudo usermod -a -G developers $username
The user needs to log out and in again to become a member of the developers group.
Of course, do not do this if you have content in the /var/www directory that you want,
but just to illustrate setting it up to start:
sudo rm -rf /var/www
sudo mkdir -p /var/www/public
sudo chown -R root:developers /var/www/public
sudo chmod 0775 /var/www/public
sudo chmod g+s /var/www/public
sudo setfacl -d -m u::rwx,g::rwx,o::r-x /var/www/public
Then replace references to "/var/www" with "/var/www/public" in a config file and reload.
sudo vim /etc/apache2/sites-enabled/000-default
sudo /etc/init.d/apache2 reload
If we wanted to restrict delete and rename from all but the user who created the file:
sudo chmod +t /var/www/public
This way, if we want to create directories for frameworks that exist outside the
Apache document root or maybe create server-writable directories, it's still easy.
Apache-writable logs directory:
sudo mkdir /var/www/logs
sudo chgrp www-data /var/www/logs
sudo chmod 0770 /var/www/logs
Apache-readable library directory:
sudo mkdir /var/www/lib
sudo chgrp www-data /var/www/lib
sudo chmod 0750 /var/www/lib
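A check for the result of the steps in the answer above, added here as an example and not part of the original answer: it reads a directory's mode and group and reports whether the setgid, sticky and world-write bits match the layout described. The function names `describe_mode` and `audit_shared_dir` are hypothetical, GNU `stat` is assumed (as on Ubuntu), and the default ACL set with setfacl is not checked.

```sh
#!/bin/sh
# Added example: function names are hypothetical, not from the answer above.

# describe_mode OCTAL_MODE
# Decode the special bits of an octal mode as printed by `stat -c %a`.
describe_mode() (
    case $1 in ''|*[!0-7]*) echo "invalid-mode"; exit 2 ;; esac
    m=$(( 0$1 ))                                            # leading 0: parse as octal
    [ $(( m & 02000 )) -ne 0 ] && sgid=yes   || sgid=no     # set by chmod g+s
    [ $(( m & 01000 )) -ne 0 ] && sticky=yes || sticky=no   # set by chmod +t
    [ $(( m & 00002 )) -ne 0 ] && ww=yes     || ww=no       # o+w
    echo "setgid=$sgid sticky=$sticky world_writable=$ww"
)

# audit_shared_dir DIR GROUP
# Returns 0 when DIR is owned by GROUP, has setgid and is not world-writable.
# A missing sticky bit is only reported as a note, since the answer treats
# it as optional.
audit_shared_dir() (
    dir=$1
    want_group=$2
    [ -d "$dir" ] || { echo "not-a-directory: $dir"; exit 2; }
    mode=$(stat -c %a "$dir") || exit 2
    group=$(stat -c %G "$dir") || exit 2
    state=$(describe_mode "$mode") || exit 2
    rc=0
    [ "$group" = "$want_group" ] || { echo "group: is $group, expected $want_group"; rc=1; }
    case $state in *setgid=no*)
        echo "setgid: missing, new files keep the creator's primary group"; rc=1 ;;
    esac
    case $state in *world_writable=yes*)
        echo "world-writable: any local user can write to $dir"; rc=1 ;;
    esac
    case $state in *sticky=no*)
        echo "note: no sticky bit, group members can delete each other's files" ;;
    esac
    exit $rc
)

# Modes used in the answer: 0775, then g+s (2775), then +t (3775), logs, lib.
for m in 0775 2775 3775 0770 0750; do
    echo "$m: $(describe_mode "$m")"
done
```

After running the answer's commands, `audit_shared_dir /var/www/public developers` should print nothing but the optional sticky-bit note (or nothing at all once `chmod +t` has been applied).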
If you run chown without a preceding colon, you will change the owner. (With the preceding colon, you change the group, as you have demonstrated above, and you can also run chown -R new-owner:newgroup.) So if you just run
sudo chown -R www-data /var/www/pootle
you will change the owner to www-data.
"....when apache creates a file, its group is www-data..."
Can you clarify what you mean by this? Apache serves files, it doesn't create them. PHP creates them - but they are created dynamically and served directly to web clients (browsers), they are not created and then saved by Apache.
It seems your problem is with file ownership. If so, a more convenient approach might be to add pootle to the www group - as Apache (generally) needs htm(l) files to be owned by www to read them. Files then created by Pootle will have the same group ID and you won't need to run chown at all - Apache will have read access to Pootle's files. See http://translate.sourceforge.net/wiki/pootle/apache which says:
You need to extract Pootle in a directory accessible to the apache user.
Make sure Apache has read access to all of Pootle's files and write access to the dbs and po subdirectories.
Hope this helps.
Best Answer
Use this:
-R instead of -r.