Virtual Host Best Practices
I just got myself a brand spanking new Linode and I love it so far. I'm decently familiar with Linux so I've managed to set everything up but now that I'm managing my own server I have some questions about best practices.
Basically, I have a couple of domains and subdomains that I care about and I'm really the only person administering them. For security purposes, I want to set up an account I can SFTP and SSH from that is locked to my home folder.
What is the correct approach from a security and organizational standpoint?
1. Do I put all the sites into /srv/www as the Linode guide states and then make symlinks from my home folder?
2. How do I make sure this is scalable in case my friend wants to help me out with a website and I have to set up group permissions for specific sites?
3. I've disabled the default site at /var/www. It seemed strange to put one site there and all the others in /srv/www… What is the right way to organize this?
Thanks!
5 Replies
> Basically, I have a couple of domains and subdomains that I care about and I'm really the only person administering them. For security purposes, I want to set up an account I can SFTP and SSH from that is locked to my home folder.
Why if you're the only one administering it?
If you have a friend that wants access to a single site then give that site a user and use
@obs:
> Basically, I have a couple of domains and subdomains that I care about and I'm really the only person administering them. For security purposes, I want to set up an account I can SFTP and SSH from that is locked to my home folder.
Why if you're the only one administering it?
If you have a friend that wants access to a single site then give that site a user and use
http://library.linode.com/security/sftp-jails/ to lock that user to their home folder.
I understand that, but I'm still confused about where the site data should live. Let's say I have a site example.com that me and my friend jointly work on.
All the data lives in /srv/www/example.com (like my other sites). I add myself and my friend to a group that then "chowns" that folder, correct? However, I don't want my friend to be able to go poking around the file system so I lock him down to the home folder (SFTP jail). However, now he can't access the site unless I put a symlink?
@obs:
Lock him down to /srv/www/example.com instead of his home folder by setting ChrootDirectory /srv/www/example.com
I understand now, many thanks!
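A pre-flight check for the `ChrootDirectory /srv/www/example.com` setup suggested above, added here as an example and not part of the original thread. sshd rejects the login unless every component of the chroot path is a directory owned by root and not writable by group or others. The user name `friend`, the function name and its optional arguments are assumptions, and GNU `stat` is assumed.

```shell
# sshd_config fragment this check supports ("friend" is a hypothetical user):
#   Match User friend
#       ChrootDirectory /srv/www/example.com
#       ForceCommand internal-sftp
#       AllowTcpForwarding no

# check_chroot_path DIR [OWNER_UID] [STOP_AT]
#   DIR        proposed ChrootDirectory (absolute path)
#   OWNER_UID  required owner; 0 (root) for real use, overridable for dry runs
#   STOP_AT    ancestor at which the walk stops (exclusive); default walks up to /
# Prints one line per offending component; returns 0 only if all components pass.
check_chroot_path() {
    local dir=$1 owner=${2:-0} stop=${3:-} rc=0 info uid mode
    case $dir in
        /*) ;;
        *) echo "not an absolute path: $dir"; return 2 ;;
    esac
    while :; do
        [ "$dir" = "$stop" ] && break
        if [ ! -d "$dir" ]; then
            echo "$dir: not a directory"; rc=1
        else
            info=$(stat -L -c '%u %a' "$dir")   # GNU stat: owner uid, octal mode
            uid=${info% *}
            mode=${info#* }
            if [ "$uid" != "$owner" ]; then
                echo "$dir: owner uid $uid, want $owner"; rc=1
            fi
            # 022 = group-write | other-write; leading 0 makes $mode octal
            if [ $(( 0$mode & 022 )) -ne 0 ]; then
                echo "$dir: mode $mode is group/other writable"; rc=1
            fi
        fi
        [ "$dir" = / ] && break
        dir=$(dirname "$dir")
    done
    return $rc
}

# Real use, against the live path:
#   check_chroot_path /srv/www/example.com
```

Because the chroot root itself cannot be group-writable, files that both users edit have to live in a subdirectory of `/srv/www/example.com` that the shared group owns.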