LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Server
User Name
Password
Linux - Server This forum is for the discussion of Linux Software used in a server related context.

Notices

Reply
 
Search this Thread
Old 11-15-2007, 11:54 AM   #1
webmarks
LQ Newbie
 
Registered: Nov 2007
Posts: 4

Rep: Reputation: 0
Question Best practice for a webserver with multiple admins?


I am responsible for a LAMP server. I am marginally familiar with chmod and chown. Here is my cat /proc/version:
Linux version 2.6.9-55.0.9.ELsmp
Red Hat 3.4.6-8
gcc version 3.4.6 20060404

Our business environment involves several users under me who should have full access to a number of websites, all of which are installed through WHM (/home/(user)/public_html/)

The problem that we have almost daily with our 100+ sites is that the graphic designer will go to upload an image to a website folder only to find that he can't, because someone logged in as root and effectively chowned everything to root:root (not sure how this keeps happening). I had thought to provide my charges with a user of their own that had full access to each account's public_html, but I think they would create directories or do whatever it is they do and screw up ownership again. Anyone have any suggestions on what I should do (aside from acquaint myself more with Linux) to standardize my employees' interaction with the server?

Also, right now I have determined that

$ chown user:nobody /home/user/public_html/* -R

works to restore access and not louse up our content management system and its ability to read and write files. Is this correct? Am I opening myself up to Bad Things?

Thanks for the help, I hope I've posted my question in the correct forum.
 
Old 11-15-2007, 12:47 PM   #2
wolfperkins
Member
 
Registered: Oct 2007
Location: Val-des-Monts, Québec, Canada
Distribution: CentOS, RHEL, Fedora
Posts: 109

Rep: Reputation: 16
You should lock ownership of the files (and the ability to modify them) to the web server process userid.

To allow people to change the content, change the root password (and keep it to yourself), and use sudo to grant your users with permission to access a user shell as the web server userid.
 
Old 11-15-2007, 12:52 PM   #3
webmarks
LQ Newbie
 
Registered: Nov 2007
Posts: 4

Original Poster
Rep: Reputation: 0
our webserver runs as nobody

our webserver runs as nobody...
 
Old 11-15-2007, 01:47 PM   #4
DotHQ
Member
 
Registered: Mar 2006
Location: Ohio, USA
Distribution: Red Hat, Fedora, Knoppix,
Posts: 542

Rep: Reputation: 33
use last to see who logged on when. You might be able to figure out what is causing the permissions to be changed.
If it happens that regularly I'd suspect someones script has run arye.

the cron log might also help (/var/log/cron / cron.1 / cron.2 etc...
 
Old 11-20-2007, 07:53 AM   #5
wolfperkins
Member
 
Registered: Oct 2007
Location: Val-des-Monts, Québec, Canada
Distribution: CentOS, RHEL, Fedora
Posts: 109

Rep: Reputation: 16
You should create a new os user just for the web server and configure sudo to allow your folks access to a bash shell under that identity.

Just change the user and group settings in httpd.conf
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
To the admins: chris318 Slackware 8 03-02-2005 08:42 PM
Domain Admins not Local ADmins - Samba 3.0.7 dlublink Linux - Networking 2 03-01-2005 11:05 AM
Multiple File server on Webserver RJL Linux - Software 3 01-01-2005 10:27 AM
for all Slack admins... zeky Linux - Distributions 2 08-25-2002 11:02 AM


All times are GMT -5. The time now is 08:38 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration