LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-31-2015, 10:23 AM   #1
AdultFoundry
Member
 
Registered: Jun 2015
Posts: 245

Rep: Reputation: Disabled
What would be a better way to go?


I have two users on CentOS7 - root and user_one. user_one will be logging in to the server and working on websites, which will be located in folders like:

/var/www/html/website-one/index.html
/var/www/html/website-two/index.html

Is it better to set DocumentRoot for these websites to /home/user_one/public_html (this would be probably better / preferred) and prevent user from accessing any other areas on the system, except from /home_user_one, or just give this user access to /var/www/html and nothing else? I mean, he may need this home directory for something, I am not sure...

How would I achieve the first part? Change DocumentRoot configuration and change permissions of the user, but how?
 
Old 10-31-2015, 10:44 AM   #2
berndbausch
Senior Member
 
Registered: Nov 2013
Location: Tokyo
Distribution: Redhat/Centos, Ubuntu, Raspbian, Fedora
Posts: 1,687

Rep: Reputation: 353Reputation: 353Reputation: 353Reputation: 353
Quote:
Originally Posted by AdultFoundry View Post
I have two users on CentOS7 - root and user_one. user_one will be logging in to the server and working on websites, which will be located in folders like:

/var/www/html/website-one/index.html
/var/www/html/website-two/index.html
You could use ACLs to achieve this. See man page for setfacl.
 
Old 10-31-2015, 04:12 PM   #3
AdultFoundry
Member
 
Registered: Jun 2015
Posts: 245

Original Poster
Rep: Reputation: Disabled
Ok, so /var/www/html is the default Apache directory, and this remains unchanged. I have /var/www/html/website-one/index.html there (is this necessary to be there?). At the same time I created a VirtualHost configuration in /etc/httpd/conf.d/website-one.com.conf, and this looks something like this:

Code:
<VirtualHost *:80>
DocumentRoot /var/www/html/domain-one/public_html
ServerName domain-name.com
ServerAlias www.domain-name.com
</VirtualHost>
I want this /var/www/html/website-one to be /home/user_one/public_html/website-one and only allow the user_one to have access to /home/user_one and everything below. I know that I will be using setfacl for this, based on the previous post, but how would I "position" the website in the /home/user_one/public_html/website-one? Just change the DocumentRoot directive to this, and leave the /var/www/html/website-one/index.html part there (again, do I even need it there?)? I would want it as clean and as minimal as it can be.

Thanks.
 
Old 10-31-2015, 08:22 PM   #4
mreff555
Member
 
Registered: Sep 2011
Location: Philly
Distribution: Gentoo
Posts: 470

Rep: Reputation: Disabled
I wouldn't make this more complicated than this needs to be. I don't do much web page editing or use cent OS but I wouldn't be surprised if the /var/www directory was in the www group. If its not, you could make the group and recursively put it in that group.

Then, just give the user access to that group.
 
Old 11-01-2015, 01:21 AM   #5
AdultFoundry
Member
 
Registered: Jun 2015
Posts: 245

Original Poster
Rep: Reputation: Disabled
1) I am wondering whether I need /var/www/html/website-one folder, or can I just delete that?
2) Would it make sense to change the default Apache directory to /home/user_one/public_html?
3) Is ServerAlias www.domain-name.com necessary, I never use the www part anyway (I redirect all www to non-www)?

I've been always using cPanel for this on a managed hosting, so I am not sure how this gets done. I mean, I can get it to work obviously, buy I am looking for the best and most minimal way to go.

I am configuring a system / server now, and I want to make notes of all the steps that need to be done. After that I can get another hosting plan, lets say better VPS, or even a dedicated plan, and just follow the steps in the notes. For this reason I am kind of particular about this, because I am not sure how this gets done, how would cPanel do it, lets say.
 
Old 11-01-2015, 01:55 AM   #6
AdultFoundry
Member
 
Registered: Jun 2015
Posts: 245

Original Poster
Rep: Reputation: Disabled
This is not the most important thing, but there is one the best way to do it, I would say. Maybe I could

1) Leave /var/www/html as is
2) Limit ftp access for user_one to /home/user_one only, as the first step
3) Create a link to /var/www/html in /home/user_one, and also enable access to that

This way, the website files would be in their default location. User would have his home directory, in case it is needed, and it would have access to it and /var/www/html, and nothing else, through the ftp.

user_one is also the one who logs in to the system through ssh (key based authentication on custom port), and has sudo privileges there. root login would be disabled later on...

I am also working on setting up firewalld now, and I am not sure what other things I would need to look into later on. Email (so I can send emails from command line, at least), and backup, and possibly more.

I am new to Linux, and I want to make sure that I can transfer all of my actual sites to this new hosting and that I wont mess anything up.

Edit:

I guess I would not need something like /var/www/html/website-one/public_html/index.html

I could change the default Apache directory to /var/html, lets say, and have the websites there, like this:

/var/html/website-one/index.html
/var/html/website-two/index.html
/var/html/website-three/index.html

and just work on this from there. I mean do I need the /var/WWW/html (meaning 'www') part there?

Then enable user_one to work on this, and also leave access to his home directory through the ftp.

Like I said, I am a beginner, so I am not sure if this is needed for anything. I would say that it could be, since they made it this way... I dont want to be deleting the default CentOS7 things, at this point...

Edit2:

Looking at the contents of /var/www, there is nothing there. one cgi-bin file (I am not sure what this is exactly), and nothing else. Look like this could be deleted, but it may have its use (or like 10 or more uses, I am not sure)... This things are very basic, but like I said, this is not really described anywhere, and when I follow some online tutorials (the ones that come up on the top of google.com), it seems like do a lot of unnecessary things, and it does not always work too...

Last edited by AdultFoundry; 11-01-2015 at 06:24 AM.
 
Old 11-01-2015, 07:49 AM   #7
AdultFoundry
Member
 
Registered: Jun 2015
Posts: 245

Original Poster
Rep: Reputation: Disabled
"For example, a common configuration is to place HTML files to /var/www/html and CGI scripts to /var/www/cgi-bin

There may also be SELinux policies that expect files to reside in /var/www/html

mrtg (by default) puts its files to /var/www/mrtg, and there may be others as well. In this case, there is a a default entry "Alias /mrtg /var/www/mrtg" in Apache's config.

I would suggest keeping /var/www/html."
 
Old 11-01-2015, 10:12 PM   #8
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.8, Centos 5.10
Posts: 17,240

Rep: Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324Reputation: 2324
This is a default install on Centos 6
Code:
ll /var/www
total 16
drwxr-xr-x. 2 root   root   4096 Aug 25 03:53 cgi-bin
drwxr-xr-x. 3 root   root   4096 Aug 25 09:43 error
drwxr-xr-x. 2 apache apache 4096 Sep 30 15:09 html
drwxr-xr-x. 3 root   root   4096 Aug 25 09:43 icons
NB: as hinted by your last comment, cgi-bin is a dir, not a file. Actually, in *nix its just another type of file, but in this context its best to use the word 'directory' to keep things clear.
See the leading char in the o/p.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off




All times are GMT -5. The time now is 12:57 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration