Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

To segregate users Iv'e tried ACLs for a long time but it's not workable. Instead with the modern technologies, I'm looking for a simple system, I use basic Linux permissions and more advanced systems, I use a using Linux Containers or Docker.

...

Code Block
languagebash
cd /opt/web
sudo mkdir www.krypton.com # Home directory for the website.
 
cd /opt/web/www.krypton.com
sudo mkdir www # Folder for static content
sudo addgroup --gid 3100 wgkryptonian # Special work group to distinguish users who should have access to the website.
 
cd /opt/web
sudo chown -R serveradmin:wgkryptonian ./www.krypton.com/
sudo chmod -R o-wx ./www.krypton.com/ # Make sure others can't change files.
sudo chown -R serveradmin.wgkryptonian ./www.krypton.com/ # Ensure setgid bit is setup so new files created will have same groups.

sudo find ./www.krypton.com/ -type d | sudo xargs -I{} chmod g+s {}


# Repeat for www.earth.com
cd /opt/web
sudo mkdir -p www.earth.com/www # Makes both directories with one command
sudo addgroup --gid 3101 wgearthling
sudo chown -R serveradmin:wgearthling ./www.earth.com/

sudo chownfind -R serveradmin.wgearthling ./www.earth.com/ -type d | sudo xargs -I{} chmod g+s {}

The basic file permissions are pretty straight-forward. Enforcing group permissions of newly created files is not so straight forward. If you do not understand the limitations or how the command works, read the Bonsaframework setgid specifically the section around folders.

Now we create users that will have access to their respective websites,

...