Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
S
S
sibirskiy19802016-12-29 12:11:18
Access rights
sibirskiy1980, 2016-12-29 12:11:18

Setting up apache for multiple users on a VPS?

Добрый день!
Суть поставленной задачи - безопасная настройка веб-сервера: разграничить права нескольких пользователей для apache на VPS сервере. Под разработку сайтов нанимаются фрилансеры, у них есть доступ samba, ftp. Не можем настроить apache, чтобы фрилансеры могли выполнять php скрипты у себя в локальной папке определенного хоста и не иметь доступ к файлам других хостов через apache.
Что сделали и как планировали будет работать:
0. Создается новый пользователь newuser. Добавляем его в группу newgroup.
1. Поставил apache2-mpm-itk, для каждого хоста указываю
AssignUserId www-data newgroup
2. Каждой папке соответствующего хоста выставляем доступ
chown -R newuser:newuser /var/www/newhost/
Права доступа стоят 770, по самба и фтп чтобы не было доступа к файлам других хостов.
3. Пользователя www-data добавил в группу newuser, чтобы хосты были доступны
It turns out that the user cannot access other hosts locally. But php code is not executed locally either.
If I add a user to the www-data group, then he has access to other sites through apache.
For example, such code is already being executed and it turns out there is access to someone else's host.
<?php
file_put_contents("../newhost2.com/hack666.txt", "hello");
echo "ok";
?>
I don't understand how to set it up. To give access to execution, you need to give access to apache, and apache itself has access to all sites.
Thanks..

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
P
Puma Thailand, 2016-12-30
@opium

Can't install the control panel yourself

Report
E
Evgeny Volf, 2016-12-29
@Wolfnsex

If you believe Habr, then like this . But if I were you, I would set PHP-FPM mode and not suffer ... Moreover, this is some kind of intermediate dev server for freelancers.
Another option is to take a virtual machine for $ 1.5 each and generally do not know the troubles.

they have samba, ftp access.
Why do they need samba?
PS You can still add a chroot to PHP-FPM, but setting it up will require additional dances with a tambourine.

Similar questions
A
alekZi2016-02-07 17:52:15
How to differentiate access to files in the office? 2Reply
G
gremlintv22018-07-04 12:28:50
What tool to use for FTP access control? 0Reply
T
TCloud2018-07-26 10:51:31
How to unlock USB ports in the name of science with minimal permissions? 2Reply
M
Maxim2013-12-01 08:53:32
Authorization through vk.api and access control to certain pages of the site? 2Reply
S
Sergey Burduzha2018-08-30 11:46:03
How to solve "Sorry, wp-config.php file is not writable" when trying to install wordpress in ubuntu? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question