What is the best way of enabling non-root access to /var/www/html?
...it can be achieved by mounting /var/www/html in non-root user's home directory:
mount --bind /var/www/html /home/user_one/htdocs
Also, related to this, I just looked at /etc/vsftpd/vsftp.conf file and I have the following line set like this (on / not uncommented):
At the same time I am able to access all files and folders through sftpd. Is the mount --bind a good or the best way to go, or should I consider something else?
Another option is this:
"If you need to have write access via a different userid than root then leave the files/directories owned by root and use a different group. Put your ftp user in that group but do not add the apache user, leave that having readonly access via the "other" permission settings."
I mean, I may need to do this anyway to enable access, even if I would go with the mount --bind solution, I am not sure...
Last edited by AdultFoundry; 11-01-2015 at 07:50 AM.
It looks like creating a group and assigning this new user to this group is the best and most standard / classic way to go. I will stick to this...
Either this or setfacl... To be honest I like giving group permissions with setfacl to a second group (not apache) and set users to that specific group... I also use this because of the "default" permission capability (so that if something gets created with root or by the webserver, the users in that group get implicit permission to that file)
UserDir directive option does not sound bad too. I know that:
1) I want to have the website files in folders like this - /var/www/html/domain-name.com (one separate folder per domain)
2) I would want to enable user_one to have access to all of these, and anything that may be created by programs on CentOS7, if this may be the case
3) I would like to limit access through ftp, for the user_one to /home/user_one (he can add directories there, and do whatever he wants there or underneath it) and give him full access to anything that may be in /var/www/html
4) I may need to create another user, let's say, and give him full access to /var/www/html/website-100.com through ftp, and nothing else (without home directory for this user, let's say). This may be needed for something like migrating website from one script to another and people would log in to the server and get all the files and pictures from there. They could have access to one of the mariadb databases on the server too (for this site, if needed).
So something along these lines. And what would be the best, most common, standard way of doing this? The mount option does not seem to be good for it, but when I read the article it sounds good. Person from Silicon Valley, advising this on his consulting website, and so on. Like I said, I don't have good perspective on this yet, so it is better to ask on the forum, if there is a way to get some answers to this.
Last edited by AdultFoundry; 11-02-2015 at 07:20 AM.
[run as root] setfacl -m d:u:user_one:rwx /var/www/html
... and that's it?
And then I would just limit ftp access with vsftp config file (allow only /home/user_one and /var/www/html, and possibly add a link to /var/www/html so the user could get there, when he logs in?). If the link solution sounds like a correct one, would I do a hard or soft link?
Like I said, I am looking for the most standard / clean / 2015 / book solution to this. This does not sound like it is 100 there...
Last edited by AdultFoundry; 11-02-2015 at 03:37 PM.
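
The two approaches discussed in the thread, a dedicated group with setgid directories and setfacl with default entries, written out as an added example that is not part of any post above. The group name webedit is an assumption; the commands are wrapped in functions so they can be tried on a scratch directory before being pointed at /var/www/html.

```shell
#!/bin/sh
# Added example. Assumed name: group "webedit". user_one and
# /var/www/html are the names used in the thread.

# Print entries under ROOT that every local account may write to.
world_writable() {
    find "$1" ! -type l -perm -0002
}

# Group approach: ownership stays as it is (root on a real server),
# GROUP gets write access, everyone else (including the web server
# account) reads through the "other" bits only.
grant_group_write() {
    root=$1 group=$2
    chgrp -R "$group" "$root"
    # 2775: the setgid bit makes new files and subdirectories
    # inherit GROUP instead of the creator's primary group.
    find "$root" -type d -exec chmod 2775 {} +
    find "$root" -type f -exec chmod 0664 {} +
}

# ACL approach: needs the acl tools and a filesystem with ACL support.
grant_group_acl() {
    root=$1 group=$2
    # Access ACL: what GROUP may do with entries that exist now.
    # Capital X adds execute only on directories (and executables).
    setfacl -R -m "g:$group:rwX" "$root"
    # Default ACL: a template copied onto entries created later.
    # A d: entry on its own grants nothing on the directory itself.
    find "$root" -type d -exec setfacl -m "d:g:$group:rwX" {} +
}

# On the server, as root (not executed by this file):
#   groupadd webedit && usermod -aG webedit user_one
#   grant_group_write /var/www/html webedit
#   grant_group_acl   /var/www/html webedit   # optional, on top
#   getfacl /var/www/html                     # verify both ACL kinds
#   world_writable /var/www/html              # should print nothing
```

user_one has to log in again before the new group membership takes effect.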