1

I have written a script that installs a LAMP environment and a few other helpful programs. All of this has been installed under root.

I would now like to create a new user called webmaster that will only be responsible for rendering my website located under: /home/webmaster/htdocs. As such I have created a new user called "webmaster".

When I run a "ls" on the htdocs folder I get the following output:

-rw-rw-r-- 1 webmaster www-data 1843 Aug 26 21:12 composer.json drwxrwsr-x 3 webmaster www-data 4096 Aug 26 21:12 src

Should the group really be owned by www-data or should I change the group to www-data and then simply add the Apache user, www-data, to the "webmaster" group? What is the best method with regards to security?

Improve this question

1 Answer 1

Reset to default
2

  1. I would seriously suggest to take a look at a configuration management system for automating and maintaining installations and deployments. Such tools are well tested and are well equipped to handle errors, generate reports and several other tasks in a robust way.

  2. I'd question if there's really a need to have a separated webmaster user? All *NIX systems already have a user that runs the web server and owns the files to be published (www-data in your case). This really boils down to:

    • is this user a system user or
    • is this account meant to be used as login user by somebody/some group?

    If the former, I'd insist there is no real use for such a user. If the latter, take a look at this question, which explains in detail how to manage such an environment. Other solutions are also valid.

  3. With regards to how to secure a LAMP server, read this Canonical Question, it addresses that topic in depth.

Improve this answer
1
  • I've heard about Chef with regards to the configuration management system and intend to use it sometime in the near future. Thanks for those links. As a developer I've never really touched in great detail on admin set-ups before. Thanks for this info, it was exactly what I needed! Commented Sep 7, 2013 at 14:38

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.