
Re: how to restrict developers in /var/www/html directory...??



Hi Michael,

I'm just going to add my two cents here. I hope I can help you.

Joris' suggestion of using ACLs isn't a bad one, but IMHO new users really have trouble understanding the ACL mechanism. Unless I'm really missing part of the discussion, I don't see the need to use it here.




Michael Habashy wrote, On 2-Sep-2008 22:18:
I would like to restrict developer access to the /var/www/html directory.
I currently have a number of websites in that directory.  They are all
live public_html for their respective webpages.
I have developer A who I want to give access to /var/www/html/a-website.com
I have developer B who I want to give access to /var/www/html/b-website.com
I have developer C who I want to give access to /var/www/html/c-website.com


All you would have to do is set the ownership of each directory using the "chown" command. Then set permissions on each directory to 755. For example:

chown -R <developer A> /var/www/html/a-website.com
chmod -R 755 /var/www/html/a-website.com

The permissions on the directory should look like this when you perform an "ls -la".

"drwxr-xr-x"

This will allow the webserver to read the files for display, but will only allow the owner to modify them. The directories have to be readable by the webserver in order to be displayed anyway. The "www-data" user, as I understand it, exists primarily as a safeguard to protect the rest of the system against hacking. The "www-data" user or group does not have to be used on the directories or files at all. IMHO it should never be (unless absolutely necessary), because if write permissions are accidentally set for www-data (even system administrators make mistakes) that gives someone who breaches the Apache webserver security or the www-data group the ability to rewrite your website files.


Since basic permissions is really an administrative concern, and has nothing to do with Debian specifically, I'll be happy to discuss permissions and any other administrative topics with you off the list. Please feel welcome to email me directly anytime.

Best Wishes,
T.J.
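
A check for the layout described in the message above, added here as an example and not part of the original post: it reports anything under a site directory that is not owned by the assigned developer or that is writable by group or others. The function names, the "site owner" list format and the account name `deva` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original message). Audits a docroot laid out
# with one directory per site, each owned by one developer and writable
# only by that owner.

# audit_site SITE_DIR OWNER
# Prints one line per problem; returns 0 if clean, 1 otherwise.
audit_site() {
    _site=$1
    _owner=$2
    if [ ! -d "$_site" ]; then
        printf 'MISSING %s\n' "$_site"
        return 1
    fi
    _findings=$(
        # Anything not owned by the developer assigned to this site.
        find "$_site" ! -type l ! -user "$_owner" -print |
            sed 's/^/WRONG-OWNER /'
        # Anything group- or world-writable. Symlinks are skipped because
        # their own mode bits are not what access checks use.
        find "$_site" ! -type l \( -perm -020 -o -perm -002 \) -print |
            sed 's/^/WRITABLE-BY-NON-OWNER /'
    )
    if [ -z "$_findings" ]; then
        return 0
    fi
    printf '%s\n' "$_findings"
    return 1
}

# audit_docroot DOCROOT
# Reads "site-directory owner" pairs on stdin, one per line.
# Returns 1 if any site has a finding.
audit_docroot() {
    _root=$1
    _bad=0
    while read -r _name _user; do
        [ -n "$_name" ] || continue
        audit_site "$_root/$_name" "$_user" || _bad=1
    done
    return "$_bad"
}

# Usage (deva is a hypothetical account name):
#   audit_docroot /var/www/html <<'EOF'
#   a-website.com deva
#   EOF
```

A finding of `WRITABLE-BY-NON-OWNER` covers the case the message warns about, where write permission ends up granted to a group such as www-data.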



