
Re: how to restrict developers in /var/www/html directory...??



François Cerbelle wrote:
On Tue, 2 September 2008 22:18, Michael Habashy wrote:
I would like to restrict developer access to the /var/www/html directory.
I currently have a number of websites in that directory.  They are all
live public_html for their respective webpages.
I have developer A who I want to give access to
/var/www/html/a-website.com
I have developer B who I want to give access to
/var/www/html/b-website.com
I have developer C who I want to give access to
/var/www/html/c-website.com

Hi,

You could use the group sticky bit :
- create a new group for each site (www-a, www-b, www-c)
  addgroup www-a
  addgroup www-b
  addgroup www-c
- add the www-data user (apache user) to the groups :
  adduser www-data www-a
  adduser www-data www-b
  adduser www-data www-c
- recursively change the permissions (note the sticky group bit on the
directories) on the sites :
  find /var/www/html/a-website.com -type f -exec chmod 664 {} \;
  find /var/www/html/a-website.com -type d -exec chmod 2775 {} \;
  find /var/www/html/b-website.com -type f -exec chmod 664 {} \;
  find /var/www/html/b-website.com -type d -exec chmod 2775 {} \;
  find /var/www/html/c-website.com -type f -exec chmod 664 {} \;
  find /var/www/html/c-website.com -type d -exec chmod 2775 {} \;
- recursively change the group ownership of each site :
  chown -R :www-a /var/www/html/a-website.com
  chown -R :www-b /var/www/html/b-website.com
  chown -R :www-c /var/www/html/c-website.com
- add the developers to each group :
  adduser deva1 www-a
  adduser deva2 www-a
  adduser devb1 www-b
  adduser devc1 www-c

Advantages : you can have multiple developers on one site
Drawback : the apache user has write access to the files.

Why not chown the dirs to users A, B and C, set the group to www-data and chmod the dirs to 640/750? The disadvantage is, of course, that only one developer can have write access to the directory.

Sjoerd

You should consider a revision control system. The developers push their
developments to the repository and the sites are manually or
automatically synchronized with the repositories.

Francois Cerbelle
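
Added example, not part of the original messages: a shell audit that checks a site tree against the per-site group layout described in the thread (site group on every entry, setgid directories as in 2775, group-writable files, nothing world-writable). The names audit_site and demo and the output labels are hypothetical, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example: audit a site tree against the layout described in the thread
# (site group on everything, setgid directories, group-writable files).
# audit_site and its labels are hypothetical names, not an existing tool.

# audit_site DIR GROUP -> one "LABEL path" line per deviation, nothing if clean
audit_site() {
    dir=$1
    group=$2
    # Entries not owned by the site group: that site's developers lose access,
    # or another group gains it.
    find "$dir" ! -group "$group" | sed 's/^/WRONG_GROUP /'
    # Directories without the setgid bit (the 2 in 2775): files created there
    # get the creator's primary group instead of the site group.
    find "$dir" -type d ! -perm -2000 | sed 's/^/NO_SETGID /'
    # Files the group cannot write: a second developer on the site is locked out.
    find "$dir" -type f ! -perm -0020 | sed 's/^/NOT_GROUP_WRITABLE /'
    # World-writable entries bypass the per-site groups altogether.
    find "$dir" ! -type l -perm -0002 | sed 's/^/WORLD_WRITABLE /'
}

# Constructed sample tree (not from the thread) with two deliberate deviations.
demo() {
    t=$(mktemp -d) || return 1
    mkdir "$t/sub"                 # created before the parent becomes setgid
    touch "$t/index.html"
    chmod 2775 "$t"
    chmod 775 "$t/sub"
    chmod g-s "$t/sub"             # make sure the subdirectory is not setgid
    chmod 666 "$t/index.html"      # world-writable file
    audit_site "$t" "$(id -g)" | sed "s|$t|SITE|"
    rm -rf "$t"
}

if [ "$#" -eq 2 ]; then
    audit_site "$1" "$2"           # e.g. /var/www/html/a-website.com www-a
else
    demo
fi
```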
