Best practice for a webserver with multiple admins?
Linux - ServerThis forum is for the discussion of Linux Software used in a server related context.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Best practice for a webserver with multiple admins?
I am responsible for a LAMP server. I am marginally familiar with chmod and chown. Here is my cat /proc/version:
Linux version 2.6.9-55.0.9.ELsmp
Red Hat 3.4.6-8
gcc version 3.4.6 20060404
Our business environment involves several users under me who should have full access to a number of websites, all of which are installed through WHM (/home/(user)/public_html/)
The problem that we have almost daily with our 100+ sites is that the graphic designer will go to upload an image to a website folder only to find that he can't, because someone logged in as root and effectively chowned everything to root:root (not sure how this keeps happening). I had thought to provide my charges with a user of their own that had full access to each account's public_html, but I think they would create directories or do whatever it is they do and screw up ownership again. Anyone have any suggestions on what I should do (aside from acquaint myself more with Linux) to standardize my employees' interaction with the server?
Also, right now I have determined that
$ chown user:nobody /home/user/public_html/* -R
works to restore access and not louse up our content management system and its ability to read and write files. Is this correct? Am I opening myself up to Bad Things?
Thanks for the help, I hope I've posted my question in the correct forum.
You should lock ownership of the files (and the ability to modify them) to the web server process userid.
To allow people to change the content, change the root password (and keep it to yourself), and use sudo to grant your users with permission to access a user shell as the web server userid.
use last to see who logged on when. You might be able to figure out what is causing the permissions to be changed.
If it happens that regularly I'd suspect someones script has run arye.
the cron log might also help (/var/log/cron / cron.1 / cron.2 etc...
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.