Users, groups and apache2 + svn/git

Hi everyone

I've been running a linode for a while now, but it has been a simple single user system - Me ;)

And now more users are going to be hosted on my linode, mostly just web and version control. But how do I manage that in a secure way for everyone so no one gets access to the wrong libraries?

I thought that one location for everything

/srv

was the most logical thing to do, makes it easier to backup.

For each company / friend I make a set of folders

Single user

/srv/friend1/www

/srv/friend1/svn

/srv/friend1/data

multiple users

/srv/company1/www

/srv/company1/svn

/srv/company1/data

/srv/company2/www

/srv/company2/svn

/srv/company2/data

/srv/friends2and3/www

/srv/friends2and3/svn

/srv/friend2and3/data

But how do I make groups and assign users to these groups, and then limit the user or group to their /srv location?

People are going to use scp to upload files etc., and when I log in with my normal user today, I can go into any directory and copy files etc. - I really don't want ppl to be able to access other ppl's files. How do I secure them from each other?

And is there anything else I've forgotten that's crucial?

Hope someone can share some wisdom :)

1 Reply

You know, by default, if you add a user, they get their own directory in /home and you can set it so by default /home/user has 770 permissions (umask of 007) so no one else can see each other's stuff.

Then you can have /home/user1/web, /home/user1/svn, etc. Be sure to make it so /home/$user/web can be read by others so apache can see it. (Unless you're going to run each domain as a different user, there's some apache module for that, too.)

Each user gets a group with their own name. And if you need to create a /home/grouping1 that has multiple people who need access, create a group called grouping1 and then add user1 and user2 to it.

Then you just back up /home and /etc (which has all of your configs) and /root (which, for me, contains nothing, but who knows what you're doing).
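An added example, not part of the thread: a permission check for the layout in the reply, run against a constructed scratch tree so it needs no root and touches no real accounts. It assumes Apache reaches the files as "other" (it is not in the user's group); the function names and the `user1` tree are made up for illustration.

```shell
#!/bin/sh
# has_bits DIR MODE: succeeds if DIR has every permission bit in MODE set.
has_bits() { [ -n "$(find "$1" -prune -perm "-$2")" ]; }

# other_can_read TARGET ROOT: "other" can list TARGET only if TARGET has
# o+r and o+x AND every parent directory up to ROOT has o+x (search).
other_can_read() {
    target=$1 root=$2
    has_bits "$target" 005 || return 1
    dir=$(dirname "$target")
    while :; do
        has_bits "$dir" 001 || return 1
        [ "$dir" = "$root" ] && return 0
        [ "$dir" = "/" ] && return 0      # ROOT was not an ancestor; stop
        dir=$(dirname "$dir")
    done
}

# build_demo HOME_MODE: constructed stand-in for /home/user1 with the given
# mode on the home directory; prints the scratch root.
build_demo() {
    root=$(mktemp -d)
    mkdir -p "$root/home/user1/web" "$root/home/user1/svn"
    chmod 755 "$root" "$root/home" "$root/home/user1/web"
    chmod 770 "$root/home/user1/svn"      # private: owner and group only
    chmod "$1" "$root/home/user1"
    echo "$root"
}

report() {  # report LABEL PATH ROOT
    if other_can_read "$2" "$3"; then echo "$1: readable by other"
    else echo "$1: blocked for other"; fi
}

# 770 on the home hides everything, including web/ even though web/ is 755.
# 771 lets "other" traverse the home without listing it: web/ is served,
# svn/ (770) stays private.
for mode in 770 771; do
    r=$(build_demo "$mode")
    report "home=$mode web" "$r/home/user1/web" "$r"
    report "home=$mode svn" "$r/home/user1/svn" "$r"
    rm -rf "$r"
done
```

On a real host the same check can be pointed at `/home/user1/web` with `/` as the root; if Apache's user is instead added to the owner's group, the group bits apply rather than the "other" bits.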
