0

I'm looking for information on best-practices and common conventions for setting up users and groups for a unix-based web server hosting multiple sites.

I'm looking for info on things like: how to securely setup your server for web developers, how to securely give apache/php access to read/write files (and what user/group should they be running), where does sudo fit in, etc.

Improve this question
1
  • That's a rather broad request...this site tends to be for answers to specific issues. You may find more answers by researching FAQs and documentation. Commented Apr 19, 2011 at 14:02

1 Answer 1

Reset to default
1

I usually set up file permissions on directories with group access in the following way:

  1. create a new group: addgroup team
  2. add users to this group: adduser user1 team
  3. create new directory: mkdir /var/www/project
  4. change group ownership for the directory: chgrp team /var/www/project
  5. change the permissions for the directory: chmod g+sw /var/www/project
  6. edit PAM config files, adding pam_umask.so, to set umask to 002 (or 007, if you like).

More details here: How to change default `umask' in Linux. File permissions for collaborative environment

Improve this answer
4
  • So if a file gets deleted in this setup, how do you attribute who did it? Do you have some sort of version tracking on top of this layout? Commented Apr 20, 2011 at 12:37
  • Actually, this is perfect. The last piece I'm struggling with are: making sure any files users write are placed in the 'team' group and 2nd, making sure that PHP still has writable access to the files. Currently, apache and php are in apache:apache. Any help would be appreciated. Commented Apr 20, 2011 at 13:49
  • @Marcin: yes, all code is stored in SVN. Commented Apr 20, 2011 at 13:55
  • @Joshua McGinnis: The files created in the directory with setgid flag (note chmod g+sw) will belong to the group which is also the owner of the directory. As for PHP, won't it help if you add user 'apache' to 'team'? Commented Apr 20, 2011 at 13:59

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.