5

I'm setting up an Ubuntu server that will have 3 or 4 VirtualHosts that I want users to be able to work in (add new files, edit old files, etc.). I currently plan on storing the sites in /var/www but wouldn't be opposed to moving it.

I know how to add new users, I know how to add new groups. I'm unsure of the best way to handle users being only able to edit some sites. I read over the answers here in this question, so I was thinking I could setup a group and add users to that group, but then they'd all have essentially the same permissions. Am I just going to have to assign each user specific permissions? Or is there a better way of handling this?

Added: I should also note, that I'll have each user login in via SSH/sFTP. The users would never need to do anything else on the server.

1 Answers1

6

You should use a group for each website. And make all users that need write access to be members of the respective group.

groupadd site1_com
mkdir /var/www/www.site1.com
chgrp site1_com /var/www/www.site1.com
find /var/www/www.site1.com -type d -print0|xargs -0 chmod g=rwxs
chmod -R g+rw /var/www/www.site1.com
usermod -aG site1_com user1

Now each time the users are creating files under /var/www/www.site1.com folder they should use the umask 0002 (in ~/.bashrc or in the deployment script) or they should set the permission for the group to have read write access chmod -R g+rw /var/www/www.site1.com 2>/dev/null.

Another solution to set the permissions would be to use dnotify. Create /usr/local/sbin/dnotify_handler-reset_perms.sh script with the following content:

#! /bin/sh
CHANGED_FOLDER=$1
find $CHANGED_FOLDER -maxdepth 1 -mmin 0 -not -perm -g+w -exec chmod g+w {} \;

And add to /etc/rc.local:

dnotify --recursive /var/www/www.site1.com --create --execute --background /usr/local/sbin/dnotify_handler-reset_perms.sh
Mircea Vutcovici
  • 16,706
  • 4
  • 52
  • 80