Results 1 to 3 of 3

Thread: Post Install LAMP Question

  1. #1
    Join Date
    Feb 2009
    Beans
    5

    Post Install LAMP Question

    I have setup a LAMP server for me to use. I would like to allow a few people to have access to this server in order to host some of their content. I do not want them to have full access to the box since I have personal content on there and run other services.

    What is the best way to give them limited access?

    Is there a default group that they should be added to in order to limit their access to the AMP portion of the server?

    Do I jail ssh and sftp to /var/www and have them only upload the files that they need?

    What are the best practices for this type of situation?

    I'm used to being the only user on the system, so any insight the community can provide on this would be much appreciated.

  2. #2
    Join Date
    Sep 2011
    Location
    Behind you!
    Beans
    532
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Post Install LAMP Question

    There are probably a ton of ways to accomplish that goal and there are probably some best-practice papers out there too.

    I have not done such a thing but if I were looking to do something like that, I would probably only allow them to upload to a user-specific folder (ftp or sftp) and then have an automated script that will process the folder and move them where they need to go. I would also code in some checks for mischievous files...such as EXE files or virus/trojan files.

    LHammonds

  3. #3
    Join Date
    Nov 2008
    Location
    Metro Boston
    Beans
    9,508
    Distro
    Kubuntu 14.04 Trusty Tahr

    Re: Post Install LAMP Question

    Create website directories for each user like /home/username/web. Change the permissions on /home/username from 700 to 711 so the Apache "user" www-data can see their sites. For each user, create a separate <VirtualHost> with a unique ServerName like user.domain.name and a DocumentRoot that points to /home/user/web.

    Do you have a registered domain you can use? Itwould certainly make things a lot easier if each site had a unique public name like user.domain.name. In the DNS you could just have:

    Code:
    @     IN SOA   domain.name. root.domain.name (
          [stuff]
    
    www   IN A     1.2.3.4
    user1 IN CNAME www
    user2 IN CNAME www
    [etc.]
    Last edited by SeijiSensei; June 27th, 2012 at 02:53 PM.

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •