Trying to establish a secure multiuser environment with limited user permissions and automated deployment. The example has been made simple to express the idea.
Docroot: /var/www/site/staging/current/public
Deploy user site-staging:staging
Home directory: /home/site-staging
The deploy tool creates two directories - releases and current. Current is a symlink to a releases subdirectory which changes on every site update.
Current is then mount -a to the document root which actually mounts the release directory since you can't mount a symlink.
#/etc/fstab
/var/www/site/staging/current /home/site-staging/current none rw,bind
Keep in mind the current directory is a symlink and would require a umount and remount every time the site is deployed / updated.
How can I limit the deploy user to their home directory (chroot) while also automatically mounting the current directory to docroot?
Is that the only option? Is there a better strategy?