LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   Best practice for a webserver with multiple admins? (https://www.linuxquestions.org/questions/linux-server-73/best-practice-for-a-webserver-with-multiple-admins-599875/)

webmarks 11-15-2007 11:54 AM
Best practice for a webserver with multiple admins?
 
I am responsible for a LAMP server. I am marginally familiar with chmod and chown. Here is my cat /proc/version:
Linux version 2.6.9-55.0.9.ELsmp
Red Hat 3.4.6-8
gcc version 3.4.6 20060404

Our business environment involves several users under me who should have full access to a number of websites, all of which are installed through WHM (/home/(user)/public_html/)

The problem that we have almost daily with our 100+ sites is that the graphic designer will go to upload an image to a website folder only to find that he can't, because someone logged in as root and effectively chowned everything to root:root (not sure how this keeps happening). I had thought to provide my charges with a user of their own that had full access to each account's public_html, but I think they would create directories or do whatever it is they do and screw up ownership again. Anyone have any suggestions on what I should do (aside from acquaint myself more with Linux) to standardize my employees' interaction with the server?

Also, right now I have determined that

$ chown user:nobody /home/user/public_html/* -R

works to restore access and not louse up our content management system and its ability to read and write files. Is this correct? Am I opening myself up to Bad Things?

Thanks for the help, I hope I've posted my question in the correct forum.

wolfperkins 11-15-2007 12:47 PM
You should lock ownership of the files (and the ability to modify them) to the web server process userid.

To allow people to change the content, change the root password (and keep it to yourself), and use sudo to grant your users with permission to access a user shell as the web server userid.

webmarks 11-15-2007 12:52 PM
our webserver runs as nobody
 
our webserver runs as nobody...

DotHQ 11-15-2007 01:47 PM
use last to see who logged on when. You might be able to figure out what is causing the permissions to be changed.
If it happens that regularly I'd suspect someones script has run arye.

the cron log might also help (/var/log/cron / cron.1 / cron.2 etc...

wolfperkins 11-20-2007 07:53 AM
You should create a new os user just for the web server and configure sudo to allow your folks access to a bash shell under that identity.

Just change the user and group settings in httpd.conf


All times are GMT -5. The time now is 09:33 AM.