Apache HTTP Server
AlexWasHere, 2014-02-20 10:08:08

How to set correct permissions on folders (/var/www, domain)?

There is a vps with such a structure
/var/www/domains/domain1.com
/var/www/domains/domain2.com
...
I decided to sort out the access rights, because some misunderstandings began to occur. It was necessary to create an ftp user that has access to all these domains.
1) What rights should /var/www/ have?
2) What rights should /var/www/domains have?
3) What rights should /var/www/domains/domain1.com have? (I set 770 on the domains)
4) What rights should the files and folders of the site itself have (so that ftp, cms or framework users can change them)?
The owner and group of all domains is root.
I added the ftp user to the root group (that is probably not allowed?). With the ftp users it is absolutely not clear.
I use ubuntu, apache, pure-ftpd


2 answer(s)
Chromium58, 2014-02-20
@Chromium58

I must say right away that I have never had any practice in web administration, but I see it this way:
There is a module, apache2-mpm-itk, that allows you to run a VirtualHost on behalf of a separate user. Given this module, the folder structure, in my opinion, should look like this:
1.) /var/www - permissions 755, user www-data, group www-data
2.) /var/www/domains - permissions 755, user www-data , group www-data (default user in apache)
3.) /var/www/domains/domain1.com - rights 700, user user-domain1, group www-data
4.) rights for files and folders 700
Add a line to the virtualhost indicating the user that owns the site:
AssignUserId user-domain1 www-data
With ftp, I think everything is clear, rights 700 give access only to the owner of the directory.

admin4eg, 2014-02-20
@admin4eg

I have it implemented through apache2-mpm-itk + chroot sftp, and with the rights everything is there ...
Sites are isolated from each other: if one gets infected, the rest will not be hurt; if one sftp password is stolen by trojans, it will not hurt the others.
As for the rights, like this:
useradd -G vhost -s /bin/false -p $MD5PASS -d /home/${domain} ${vhost}
chown root:${vhost} /home/${domain}
mkdir /home/${domain}/www
mkdir /home/${domain}/logs
mkdir /home/tmp/${domain}
chown ${vhost}:vhost /home/${domain}/www
chown ${vhost}:vhost /home/tmp/${domain}
chmod 755 /home/${domain}
chmod 755 /home/${domain}/www
/home/${domain} is needed specifically for the chroot sftp
/www is for everything executable
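
A check for the layout described in the answers above, added here as an example and not part of either answer: it audits one site's chroot directory and docroot for the ownership and modes the answers rely on. The function name `audit_site`, the wording of the findings and the world-writable rule (derived from the 700/755 modes in the answers) are assumptions, and file names are assumed not to contain newlines.

```sh
#!/bin/sh
# Added example, not from the thread: audit one site against the layout in
# the answer above (<home> = sftp chroot, <home>/www = docroot).
# audit_site HOME_DIR SITE_USER [CHROOT_OWNER]   (audit_site is a made-up name)
# Prints one finding per line; exit status 0 means no findings.
audit_site() (
    home=$1 site_user=$2 chroot_owner=${3:-root} rc=0

    # OpenSSH rejects a ChrootDirectory that is not owned by root or that
    # is writable by group or others.
    if [ -n "$(find "$home" -prune ! -user "$chroot_owner")" ]; then
        echo "chroot not owned by $chroot_owner: $home"; rc=1
    fi
    if [ -n "$(find "$home" -prune \( -perm -0020 -o -perm -0002 \))" ]; then
        echo "chroot writable by group or others: $home"; rc=1
    fi

    # Under mpm-itk the vhost runs as the site user, so everything in the
    # docroot should belong to that user. The world-writable rule is an
    # assumption derived from the 700/755 modes used in the answers.
    foreign=$(find "$home/www" ! -user "$site_user")
    if [ -n "$foreign" ]; then
        echo "$foreign" | sed 's/^/not owned by site user: /'; rc=1
    fi
    loose=$(find "$home/www" ! -type l -perm -0002)
    if [ -n "$loose" ]; then
        echo "$loose" | sed 's/^/world-writable: /'; rc=1
    fi

    [ "$rc" -eq 0 ]
)
```

Run it as root per site, for example `audit_site /home/domain1.com user-domain1`; the third argument exists only so the check can be tried on a scratch directory without root.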
