Re: how to restrict developers in /var/www/html directory...??
Le Mar 2 septembre 2008 22:18, Michael Habashy a écrit :
> i would like to restrict developer access to the /var/www/html directory.
> I currently have a number of websites in that directory. They are all
> live public_html for their respective webpages.
> I have developer A who i want to give access to
> /var/www/html/a-website.com
> I have developer B who i want to give access to
> /var/www/html/b-website.com
> I have developer C who i want to give access to
> /var/www/html/c-website.com
Hi,
You could use the group sticky bit :
- create a new group for each site (www-a, www-b, www-c)
addgroup www-a
addgroup www-b
addgroup www-c
- add the www-data user (apache user) to the groups :
adduser www-data www-a
adduser www-data www-b
adduser www-data www-c
- recursively change the permissions (note the sticky group bit on the
directories) on the sites :
find /var/www/html/a-website.com -type f -exec chmod 664 {} \;
find /var/www/html/a-website.com -type d -exec chmod 2775 {} \;
find /var/www/html/b-website.com -type f -exec chmod 664 {} \;
find /var/www/html/b-website.com -type d -exec chmod 2775 {} \;
find /var/www/html/c-website.com -type f -exec chmod 664 {} \;
find /var/www/html/c-website.com -type d -exec chmod 2775 {} \;
- recursively change the group ownership of each site :
chown -R www-a /var/www/html/a-website.com
chown -R www-b /var/www/html/b-website.com
chown -R www-c /var/www/html/c-website.com
- add the developpers to each group :
adduser deva1 www-a
adduser deva2 www-a
adduser devb1 www-b
adduser devc1 www-c
Advantages : you can have multiple developpers on one site
Drawback : the apache user have a write access to the files.
You should consider a revision control system. The developpers push their
developpments in the repository and the sites are manually or
automatically synchronized with the repositories.
Francois Cerbelle
Reply to: