Limiting commands for certain users to certain directories

I recently offered a F/OSS project I work with to move their site from their old crappy host to my Linode. They jumped on that right away.

I have a slight OCD for security, and I only want them to be able to mess with the files and configuration for their site. However, since their site is being run by the same web server daemon as my site, the files are owned by the same user and group. Is it possible to do this via sudo, or possibly run two instances of my server daemon (nginx), each owned by a different user/group? So far, in my searches around the web, I haven't found a way to do this.

3 Replies

Just started running the permissions system in Linux through my head, and something I just thought of: If I change the group on the files for the other site and I leave the user set to my nginx user, would this mess with nginx's ability to correctly serve the site? If not, I can easily add the people for the other project to said group and give their group rwx permissions for their site.

@Piki:

Just started running the permissions system in Linux through my head, and something I just thought of: If I change the group on the files for the other site and I leave the user set to my nginx user, would this mess with nginx's ability to correctly serve the site? If not, I can easily add the people for the other project to said group and give their group rwx permissions for their site.

That should work just fine.

The more common way I've seen it done is the opposite of that: the user owns the files and the web server user has group access. However, it sounds like you have multiple users, so your proposal makes sense.

Yes, I am allowing access to official members of the project, so there will be multiple users. Just wanted to make sure this wouldn't mess with nginx :)
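
One way to apply and then check the ownership model discussed in this thread (web server user as owner, project group with write access), as an added example that is not from any of the posters. The function names, the setgid bit on directories and the read-only "other" mode are choices made for this example; the path and names in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example. Model from the thread: the web server user owns the site
# files and a project group gets write access. Assumptions of this example:
# setgid on directories (new files inherit the group) and read-only "other".

# apply_site_model DIR WEB_USER GROUP  (run as root on a real site)
apply_site_model() {
    dir=$1; web_user=$2; group=$3
    chown -R "$web_user:$group" "$dir"
    # X adds execute only to directories and already-executable files.
    chmod -R u=rwX,g=rwX,o=rX "$dir"
    find "$dir" -type d -exec chmod g+s {} +
}

# audit_site_tree DIR WEB_USER GROUP
# Prints one "finding path" line per violation; returns 0 only when clean.
audit_site_tree() {
    dir=$1; web_user=$2; group=$3
    findings=$(
        # Files created later by project members show up here: they are owned
        # by the member, so the web server user (unless it is in the group)
        # reaches them only through the "other" bits.
        find "$dir" ! -user "$web_user"   | sed 's|^|wrong-owner |'
        find "$dir" ! -group "$group"     | sed 's|^|wrong-group |'
        find "$dir" -type d ! -perm -2070 | sed 's|^|dir-missing-setgid-or-g+rwx |'
        find "$dir" -type f ! -perm -0060 | sed 's|^|file-missing-g+rw |'
        find "$dir" ! -type l -perm -0002 | sed 's|^|world-writable |'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Example call (placeholder path and names, not from the thread):
#   apply_site_model /srv/www/project nginx projectweb
#   audit_site_tree  /srv/www/project nginx projectweb
```

Running the audit from cron or after each deploy shows when member-created files have drifted from the intended owner or group.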
