...
To segregate users, I've tried ACLs for a long time, but they are not workable. Instead, with modern technologies available, for a simple system I use basic Linux permissions, and for more advanced systems I use Linux Containers or Docker.
...
```bash
cd /opt/web
sudo mkdir www.krypton.com   # Home directory for the website.
cd /opt/web/www.krypton.com
sudo mkdir www               # Folder for static content.

# Special work group to distinguish users who should have access to the website.
sudo addgroup --gid 3100 wgkryptonian

cd /opt/web
sudo chown -R serveradmin:wgkryptonian ./www.krypton.com/
sudo chmod -R o-wx ./www.krypton.com/   # Make sure others can't change files.

# Ensure the setgid bit is set on every directory so new files get the same group.
sudo find ./www.krypton.com/ -type d -exec chmod g+s {} +

# Repeat for www.earth.com
cd /opt/web
sudo mkdir -p www.earth.com/www         # Makes both directories with one command.
sudo addgroup --gid 3101 wgearthling
sudo chown -R serveradmin:wgearthling ./www.earth.com/
sudo chmod -R o-wx ./www.earth.com/     # Same restriction for others as above.
sudo find ./www.earth.com/ -type d -exec chmod g+s {} +
```
The basic file permissions are pretty straightforward. Enforcing group permissions on newly created files is not so straightforward. If you do not understand the limitations or how the command works, read the Bonsai Framework setgid page, specifically the section about folders.
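To confirm that a site tree still matches this model after people have been working in it, the following audit can be run against each site root. It is an added example, not part of the original page; the function name `audit_site` and the finding labels are made up here, and it assumes a Linux `find` and an external `printf`.

```shell
#!/usr/bin/env bash
# Added example: audit a site tree for the permission model set up above.
# Usage: audit_site <site-root> <group-name-or-gid>
# Prints one finding per line and returns 1 if anything deviates.
audit_site() {
    local root=$1 group=$2 findings
    findings=$(
        # Directories without setgid: files created there get the creator's
        # primary group instead of the site work group.
        find "$root" -type d ! -perm -2000 -exec printf 'NO_SETGID %s\n' {} +
        # Entries owned by another group, e.g. files moved in with mv, which
        # keeps the original group regardless of setgid on the target.
        find "$root" ! -type l ! -group "$group" \
            -exec printf 'WRONG_GROUP %s\n' {} +
        # Entries still writable or executable by "others" (o-wx not applied).
        # Symlinks are skipped because their mode bits always read as 0777.
        find "$root" ! -type l \( -perm -0002 -o -perm -0001 \) \
            -exec printf 'OTHER_WX %s\n' {} +
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Stand-alone use, e.g.: ./audit_site.sh /opt/web/www.krypton.com wgkryptonian
if [ "$#" -eq 2 ]; then
    audit_site "$1" "$2"
fi
```

A clean tree prints nothing and returns 0, so the script can be run from cron and only produce output when something has drifted.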
Now we create users that will have access to their respective websites,
...