
Re: separate user per website?



On 13/06/11 11:50, Lars Nielsen wrote:
Hi
I am running my own server with lenny, apache and php. Now I have
several websites that only I am going to update. Is it fine to run
those under the same userlogin and use virtualhosts or should I create a
separate user for each website?
Is it possible to maintain a secure server using a single user with
several websites?

Debian arranges for Apache2 to run under the user www-data automatically. This is normally fine and can run many web sites each in their own virtual hosts (you can use name-based or IP-based virtual hosting).

Since you say you are updating them all, then that is probably/possibly sufficient - although you need to ensure that www-data can read the files.

On my home desktop, where I am developing multiple web sites for others, but need to test locally - I run the apache2-mpm-itk version of apache. This allows you to use a directive such as this in the virtual host

     AssignUserId alan alan

which makes the server act as my user. This is convenient for editing the files etc.

NOTE: I develop using git as the version control system and when it's time to fire it off to the production version I change to the "site" branch and then merge from my master branch

This kicks off the post-commit/post-merge hook which does something like this

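# Name of the current branch (the line "git branch" marks with "* ")
branch=$(git branch | sed -n 's/^\* //p')
version=$(git describe --tags)

# Work from the top of the working tree ("./" keeps cd valid when already there)
cd "./$(git rev-parse --show-cdup)"
if [ "$branch" = "site" ]; then
    # Drop untracked files so only committed content is published
    git clean -f
    # Minify the JavaScript into a file named after the release version
    java -jar /home/alan/dev/yuicompressor-2.4.2.jar app/money.js -o "app/money-yc-$version.js"
    # ...
    echo "<?php echo '$version';?>" > app/inc/version.inc
    # Push to the production virtual hosts over ssh, logging in as www-data
    rsync -aqz docroot/ www-data@owl:https/
    rsync -aqz --delete app/ www-data@owl:money/app/
else
    # On any other branch only refresh the local version stamp
    echo "<?php echo '$version';?>" > app/inc/version.inc
fi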


This is using rsync over ssh (logging in as www-data) to rsync stuff from my development directory into the virtual host positions on my production server.


--
Alan Chandler
http://www.chandlerfamily.org.uk
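
The reply's condition that www-data must be able to read the files can be checked before a site goes live; the script below is an added example, not part of the original post or of the hook shown in it. It assumes the site files are owned by an account other than www-data and that www-data is not in their group, so the web server's access comes from the "other" permission bits; the function names are hypothetical, and the world-writable check goes beyond what the post mentions.

```shell
#!/bin/sh
# Added example: permission audit for a site tree served by www-data.
# Assumption: files belong to another account, so www-data is "other".

# List paths www-data could not use: regular files without o+r,
# and directories without o+rx (read to list, execute to traverse).
unreadable_by_other() {
    find "$1" \( \( -type f ! -perm -o=r \) -o \
                 \( -type d ! -perm -o=rx \) \) -print
}

# List paths that any local account could modify (symlinks skipped,
# since their mode bits are meaningless).
writable_by_other() {
    find "$1" ! -type l -perm -o=w -print
}

# Run both checks on one site directory; return 1 if either finds anything.
audit_site() {
    status=0
    bad=$(unreadable_by_other "$1")
    if [ -n "$bad" ]; then
        echo "not readable by the web server user:"
        echo "$bad"
        status=1
    fi
    bad=$(writable_by_other "$1")
    if [ -n "$bad" ]; then
        echo "writable by every local user:"
        echo "$bad"
        status=1
    fi
    return "$status"
}

# Stand-alone use: pass the site directory as the first argument.
if [ "$#" -gt 0 ]; then
    audit_site "$1"
fi
```

Run it once per virtual host directory; a non-zero exit status means at least one path needs its mode changed.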

