Howdy all,
Scenario: Managed VPS, whm,cpanel, etc. I am essentially the only dev working in this server, all the sites are our website clients, we dont sell hosting to anyone or anything like that. Just us serving our clients mostly small-medium websites. Almost all wordpress.

What I want to do is have a central dir with a wordpress theme (in future i might want to have all of wp symlinked, but for now, just a theme). I want to have many sites using this same theme and I want to update one place and have all the sites updated.

I have already made the symlinks as appropriate. I have also visited the tweakphpdir in cpanel or whm and enabled the open_basedir for the sites and that works, I am able to include() from it.

What doesnt work is trying to serve files (css, etc) from that symlinked dir. I am told that this is cuz the 'user' of the site doesnt own the symlinked dir and that suexec is the reason.

So, the question...Given that there will be no nefarious ftp users or sites not under my control, is it dangerous to open things up to allow serving from this symlinked dir? What would be the suggestion security wise to achieve the goal set out in my second paragraph? What about group permissions/ownership?

thanks,
j

Hi,
I suppose you connect to the vps as root per ssh.

In this case *I* would say you could change the permissions, as I think you need to chmod the files (symlinked and those in httpdocs) to the apache user.

You could get rid of not used ftp users in this case and be safer as before, as the apache user normally has no ftp access and no shell acces .

But I thougth about sth else :

Did you allow apache to follow symlinks?
Option:You'd need sth like this