danforth, 2016-11-18 13:11:12

Linux users and groups: how to do it right?

Help me clear my head: I can't figure out how to properly and safely set up a VPS. The question is about permissions and groups. I want my site to be in the /home/danforth/www/ folder (am I thinking right?).
To do this I create a new user and give him a password:

sudo useradd danforth
sudo passwd danforth

This will create a user with the danforth group of the same name, and create a home directory /home/danforth.
Next, I need to configure nginx to look into this directory (everything is clear here, you can skip it).
Next, I assign rights to files and folders, and this is where the snag appears. In most cases the most successful rights, as far as I understand (correct me if this is not so), are:
  • 755 for files
  • 644 for folders

But my directory is /home/danforth/ and its owner is danforth:danforth. It turns out that I either need to add danforth to the www-data group (is it safe?), in which case I will have to edit the rights for the group (775 and 664, respectively), or configure it so that the web server runs as the danforth user.
Actually, a structured question: what rights should be on files and folders, and from which users should the following programs work:
  • nginx
  • php-fpm
  • mysql/mariadb
  • redis

I also request some good article that just answers my question. Thank you!

3 answer(s)
Saboteur, 2016-11-18
@danforth

"755 for files
644 for folders"
Vice versa: for folders 755 (rwxr-xr-x), otherwise no one will be able to access the folders, and for files 644 (rw-r--r--).
"nginx so that it looks into this directory"
Why? If it is not running as your danforth user, then you do not need to do this; let nginx look in its own directory. But the user danforth can be added to www-data so that you can go there and write, and yes, then you will need 775 and 664, respectively.
There are no rights that "should be"; the rights can be different. You just write down who should have access and where, and assign accordingly. When installed, these services often create the necessary users that they run as. Adding and changing permissions usually goes through groups, not through the owner.
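
The modes given in this answer (755 for folders and 644 for files, or 775 and 664 once the group must write), as an added shell example that is not part of the original thread: it audits a web root for paths that deviate from the chosen scheme and repairs them. The function names, the scheme names and the sample tree are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Function names, the scheme names
# "private"/"shared" and the sample tree are assumptions for illustration.

# Map a scheme to "DIRMODE FILEMODE".
#   private: only the owner writes         -> 755 / 644
#   shared : owner and group members write -> 775 / 664
scheme_modes() {
    case "$1" in
        private) echo "755 644" ;;
        shared)  echo "775 664" ;;
        *) echo "unknown scheme: $1" >&2; return 2 ;;
    esac
}

# Print every directory or regular file under ROOT that deviates from SCHEME.
audit_web_root() {
    _m=$(scheme_modes "$2") || return 2
    find "$1" \( -type d ! -perm "${_m% *}" \) -o \( -type f ! -perm "${_m#* }" \)
}

# Apply SCHEME under ROOT; an optional GROUP (name or gid) takes group ownership.
fix_web_root() {
    _m=$(scheme_modes "$2") || return 2
    # "\;" runs chmod on each directory as find visits it, parents first.
    find "$1" -type d -exec chmod "${_m% *}" {} \;
    find "$1" -type f -exec chmod "${_m#* }" {} \;
    if [ -n "${3:-}" ]; then chgrp -R "$3" "$1"; fi
}

# Constructed sample tree: the swapped modes from the question (755 on a
# file, 644 on a folder), a private folder and a world-writable file.
build_demo_tree() {
    mkdir -p "$1/css" "$1/uploads"
    : > "$1/index.html"; : > "$1/css/site.css"
    chmod 755 "$1" "$1/index.html"
    chmod 700 "$1/css"; chmod 666 "$1/css/site.css"
    chmod 644 "$1/uploads"
}

# Demo in a throwaway directory: audit, fix, audit again.
demo_tmp=$(mktemp -d)
build_demo_tree "$demo_tmp/www"
echo "before: $(audit_web_root "$demo_tmp/www" private | wc -l) deviating paths"
fix_web_root "$demo_tmp/www" private
echo "after:  $(audit_web_root "$demo_tmp/www" private | wc -l) deviating paths"
rm -rf "$demo_tmp"
```

Passing a group as the third argument to `fix_web_root` (for example www-data together with the shared scheme) requires that the caller is allowed to `chgrp` to that group.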

moropsk, 2016-11-18
@moropsk

as an option.
https://debian.pro/2017

CityCat4, 2016-11-18
@CityCat4

"I want my website to be in /home/danforth/www/ folder"
Why, sorry? The danforth user's home directory is intended for the danforth user's files, including settings for various systems. Some files can store information that is very interesting to outsiders. It's like placing a file in the user's profile directory on Windows.
Sites that are not related to the danforth user are best placed outside the user's home directory, such as /var/www (as is usually done in Linux) or /usr/local/www (as in FreeBSD).
mysql runs as the mysql user; I don't know the rest. I have apache :) running, all of a sudden, as the apache user :) There is also ruby: the passenger module runs as the nobody user.