Merge pull request #1239 from jeff-matthews/jm_1196_secondary_group_2.2

1196: Add latest revisions to v2.2 docs

Author: jeff-matthews

_includes/install/file-system-perms-twouser_22.md

@@ -12,6 +12,10 @@ To enable the web server to write files and directories in the Magento file syst
 
 This section discusses how to create a new Magento file system owner and put that user in the web server's group. You can use an existing user account if you wish; we recommend the user have a strong password for security reasons.
 
+<div class="bs-callout bs-callout-info">
+	Skip to <a href="#install-update-depend-user-findgroup">step 2</a> if you plan on using an existing user account.
+</div>
+
 ### Step 1: Create the Magento file system owner and give the user a strong password {#mage-owner-create-user}
 This section discusses how to create the Magento file system owner. (Magento file system owner is another term for the *command-line user*.)
 
@@ -35,7 +39,7 @@ For example, to create a user named `magento_user` and give the user a password,
 	sudo passwd magento_user
 
 <div class="bs-callout bs-callout-warning">
-    <p>Because the point of creating this user is to provide added security, make sure you create a <a href="https://en.wikipedia.org/wiki/Password_strength" target="_blank">strong password</a>.</p>
+    <p>Because the point of creating this user is to provide added security, make sure you create a <a href="https://en.wikipedia.org/wiki/Password_strength" target="&#95;blank">strong password</a>.</p>
 </div>
 
 ### Step 2: Find the web server user's group {#install-update-depend-user-findgroup}
@@ -51,20 +55,28 @@ To find the web server user's group:
 ### Step 3: Put the Magento file system owner in the web server's group {#install-update-depend-user-add2group}
 To put the Magento file system owner in the web server's primary group (assuming the typical Apache group name for CentOS and Ubuntu), enter the following command as a user with `root` privileges:
 
-*	CentOS: `usermod -g apache <username>`
-*	Ubuntu: `usermod -g www-data <username>`
+*	CentOS: `usermod -a -G apache <username>`
+*	Ubuntu: `usermod -a -G www-data <username>`
+
+<div class="bs-callout bs-callout-info" id="info" markdown="1">
+The `-a -G` options are important because they add `apache` or `www-data` as a _secondary_ group to the user account, which preserves the user's _primary_ group. Adding a secondary group to a user account helps [restrict file ownership and permissions](#perms-set-two-users) to ensure members of a shared group only have access to certain files.
+</div>
 
 For example, to add the user `magento_user` to the `apache` primary group on CentOS:
 
-	usermod -g apache magento_user
+	usermod -a -G apache magento_user
 
 To confirm your Magento user is a member of the web server group, enter the following command:
 
-	groups <user name>
+	groups magento_user
+
+The following sample result shows the user's primary (`magento`) and secondary (`apache`) groups.
 
-A sample result follows:
+	magento_user : magento_user apache
 
-	magento_user : apache
+<div class="bs-callout bs-callout-info" id="info" markdown="1">
+Typically, the user name and primary group name are the same.
+</div>
 
 To complete the task, restart the web server:
 
@@ -96,4 +108,4 @@ To set ownership and permissions before you install the Magento software:
 After you have set file system ownership and permissions, continue with any of the following:
 
 *	[Command-line installation]({{page.baseurl}}install-gde/install/cli/install-cli.html)
-*	[Setup Wizard installation]({{page.baseurl}}install-gde/install/web/install-web.html)
+*	[Setup Wizard installation]({{page.baseurl}}install-gde/install/web/install-web.html)