
My workplace is setting up a new server for hosting PHP applications. I work at a university, and this will essentially be a playground to keep faculty and staff who want to tinker with PHP away from our production webspace.

I've been asked to create an account for each department on campus that will be using the system. Each account's "home" folder is supposed to be a symlink to their designated folder under the web root with the user account name, and they aren't supposed to be able to move above their home folder.

So, when a user logs in via their department account (let's say "gradstudies"), they'll automatically be in the /srv/www/htdocs/gradstudies folder, and unable to move above that. Within that folder, they should be able to do whatever they want.

Is it possible to do this simply with user account and group settings, or do I need to create vhosts and stuff within Apache? I really don't want to have to tinker with the Apache configuration if it can be avoided.

1 Answer


How will users be logging in to the system? Direct shell access, sftp, ftp, webdav, smb, nfs, ...? Forcing an alternate root folder directly is done very differently depending on the file publishing protocol. Personally, I really like sftp these days, and setting up chroot with sftp is pretty easy with recent versions of OpenSSH.

Why do you want to symlink from their home directory into the web root? Why not use something like mod_userdir to link their home directory into the web?

You might also want to strongly look at something like suphp which runs PHP code under the privileges of the user who owns the file. If you don't use something like that then PHP code will be run under the web server's account, and PHP code from one user can possibly break things, accidentally or intentionally, for another user.

Zoredache
  • I was told to set it up so that the users can directly ssh into the system, to avoid having to run an FTP server on the system. The plan is to have an account for each department that does their own development and have them ssh in (via WinSCP or another tool). It's one of those situations where I didn't create the plan but I've been tasked to implement it. The guy who explained the plan to me said you could do it with symlinks. However, as you said, I have a feeling that the real way of going about it is to set up userdirs so each user account's home folder is included in the webroot. – Brad Westness Oct 23 '10 at 17:11
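The answer above suggests chrooting SFTP users with OpenSSH. sshd's `ChrootDirectory` option requires every component of the chroot path to be a root-owned directory that is not writable by group or others, which conflicts with a department account owning its folder under the web root. The following is an added example, not part of the original thread, that checks a path against that rule; the uids and modes in `SAMPLE` are constructed for illustration.

```python
import os
import stat

def chroot_components(path):
    """Return every directory from / down to path, in order."""
    path = os.path.abspath(path)
    parts = [p for p in path.split(os.sep) if p]
    return ["/"] + ["/" + "/".join(parts[:i + 1]) for i in range(len(parts))]

def audit(entries):
    """entries: iterable of (path, uid, mode). Return a list of problems."""
    problems = []
    for path, uid, mode in entries:
        if not stat.S_ISDIR(mode):
            problems.append(f"{path}: not a directory")
            continue
        if uid != 0:
            problems.append(f"{path}: owned by uid {uid}, must be root")
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append(f"{path}: group- or world-writable")
    return problems

def audit_path(path):
    """Stat each component on the live filesystem and audit it."""
    entries = []
    for comp in chroot_components(path):
        st = os.stat(comp)
        entries.append((comp, st.st_uid, st.st_mode))
    return audit(entries)

# Constructed sample: the layout from the question, with the department
# account (uid 1001, an assumed value) owning its own folder.
SAMPLE = [
    ("/", 0, 0o40755),
    ("/srv", 0, 0o40755),
    ("/srv/www", 0, 0o40755),
    ("/srv/www/htdocs", 0, 0o40775),                  # group-writable
    ("/srv/www/htdocs/gradstudies", 1001, 0o40755),   # owned by the department
]

if __name__ == "__main__":
    for line in audit(SAMPLE):
        print(line)
```

A common arrangement that satisfies the rule is a root-owned chroot directory containing a subdirectory that the department account owns and can write to.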