
Trying to establish a secure multiuser environment with limited user permissions and automated deployment. The example has been made simple to express the idea.

Docroot: /var/www/site/staging/current/public
Deploy user site-staging:staging
Home directory: /home/site-staging

The deploy tool creates two directories - releases and current. Current is a symlink to a releases subdirectory, which changes on every site update.

Current is then mounted (mount -a) to the document root, which actually mounts the release directory since you can't mount a symlink.

#/etc/fstab
/var/www/site/staging/current /home/site-staging/current none rw,bind

Keep in mind the current directory is a symlink and would require a umount and remount every time the site is deployed / updated.

How can I limit the deploy user to their home directory (chroot) while also automatically mounting the current directory to docroot?

Is that the only option? Is there a better strategy?

csi

1 Answer

You could use your home directory /home/site-staging/current as your docroot. Then every time you deploy and recreate the current symlink toward your release, your site will be updated.

typositoire
  • Unfortunately the DocumentRoot should be current/public. This allows items in the project to be placed outside the document root. I don't believe the DocRoot can be a symlinked subdirectory like current/public is. Am I wrong on this? This was not shown correctly in the initial question but is updated. – csi Jan 15 '14 at 21:54
  • I'll test it later but I'm pretty sure that you can set your DocRoot to a subdirectory of a symlink as long as you enable Options FollowSymLinks in your apache config or vhost definition. – typositoire Jan 15 '14 at 22:26
  • In my setup, the parent 2 levels above DocumentRoot required the Options Symlinks Directive. So Options FollowSymLinks – csi Jan 16 '14 at 14:09
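
Added example (not part of the original question, answer or comments, and not the deploy tool's own code): a sketch of how the current symlink from the answer can be repointed atomically, so a docroot of current/public never sees a missing path and no bind mount or root privilege is involved. The function names and the release ids are hypothetical, and GNU coreutils (`mv -T`) is assumed.

```shell
#!/bin/sh
# Added example: atomic "current" symlink switch for a releases/current layout.
# Assumptions: GNU coreutils (mv -T); function and argument names are
# hypothetical; the deploy tool discussed on the page may work differently.

# switch_release BASE RELEASE_ID
# Points BASE/current at BASE/releases/RELEASE_ID without a window in which
# BASE/current is absent, so a docroot of BASE/current/public stays valid.
switch_release() {
    base=$1
    id=$2
    target="releases/$id"

    # Refuse ids that could point the link outside the releases directory.
    case "$id" in
        ''|*/*|.|..) echo "invalid release id: $id" >&2; return 1 ;;
    esac

    # The release must already exist and contain the public docroot.
    [ -d "$base/$target/public" ] || {
        echo "missing $base/$target/public" >&2; return 1; }

    # Create the new link under a temporary name, then rename it over the
    # old one. rename(2) is atomic; -T keeps mv from moving the temporary
    # link *into* the directory the old link points at.
    tmp="$base/.current.tmp.$$"
    ln -s "$target" "$tmp" || return 1
    mv -T "$tmp" "$base/current" || { rm -f "$tmp"; return 1; }
}

# current_release BASE
# Prints the (relative) release path the current symlink points at.
current_release() {
    readlink "$1/current"
}
```

Run as the deploy user with BASE set to the directory that holds releases and current; the web server still needs Options FollowSymLinks on that path, as the comments above note.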