I have a CentOS linux web server in which I have multiple web sites. I have many website programmers now doing the coding for all the sites. How can I provide a key-based authentication for the programmers in such a way that they have access only to /home folder ? They should be able to access only all the files inside /home and able to modify it. This is cPanel server in which all the sites comes under /home directory. Currently they are using separate passwords for every site. If I could give access to my developer inside /home folder, they would be able to do edit all the sites easily rather than having separate password for each site (eg : /home/site1 or /home/site2). Please share your ideas on the same.
Thanks,
On 05.11.2013 01:27, Gopu Krishnan wrote:
I have a CentOS linux web server in which I have multiple web sites. I have many website programmers now doing the coding for all the sites. How can I provide a key-based authentication for the programmers in such a way that they have access only to /home folder ? They should be able to access only all the files inside /home and able to modify it. This is cPanel server in which all the sites comes under /home directory. Currently they are using separate passwords for every site. If I could give access to my developer inside /home folder, they would be able to do edit all the sites easily rather than having separate password for each site (eg : /home/site1 or /home/site2). Please share your ideas on the same.
Have a look at setfacl, it's the only thing that comes to mind which could work.
From: Gopu Krishnan gopukrishnantec@gmail.com
I have a CentOS linux web server in which I have multiple web sites. I have many website programmers now doing the coding for all the sites. How can I provide a key-based authentication for the programmers in such a way that they have access only to /home folder ? They should be able to access only all the files inside /home and able to modify it. This is cPanel server in which all the sites comes under /home directory. Currently they are using separate passwords for every site. If I could give access to my developer inside /home folder, they would be able to do edit all the sites easily rather than having separate password for each site (eg : /home/site1 or /home/site2). Please share your ideas on the same.
I do not know cPanel but what about all of them being part of the same group...? Then, give the correct permissions to the group.
JD
freeipa
On 5 November 2013 10:31, John Doe jdmls@yahoo.com wrote:
From: Gopu Krishnan gopukrishnantec@gmail.com
I have a CentOS linux web server in which I have multiple web sites. I have many website programmers now doing the coding for all the sites. How can I provide a key-based authentication for the programmers in such a way that they have access only to /home folder ? They should be able to access only all the files inside /home and able to modify it. This is cPanel server in which all the sites comes under /home directory. Currently they are using separate passwords for every site. If I could give access to my developer inside /home folder, they would be able to do edit all the sites easily rather than having separate password for each site (eg : /home/site1 or /home/site2). Please share your ideas on the same.
I do not know cPanel but what about all of them being part of the same group...? Then, give the correct permissions to the group.
JD _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Hi all, I cant own a particular group recursively to /home since each site files inside the /home is having their own username and passwor. I guess i should try setfacl. Will let u knw the results.
On 11/5/13, Andrew Holway andrew.holway@gmail.com wrote:
freeipa
On 5 November 2013 10:31, John Doe jdmls@yahoo.com wrote:
From: Gopu Krishnan gopukrishnantec@gmail.com
I have a CentOS linux web server in which I have multiple web sites. I have many website programmers now doing the coding for all the sites. How can I provide a key-based authentication for the programmers in such a way that they have access only to /home folder ? They should be able to access only all the files inside /home and able to modify it. This is cPanel server in which all the sites comes under /home directory. Currently they are using separate passwords for every site. If I could give access to my developer inside /home folder, they would be able to do edit all the sites easily rather than having separate password for each site (eg : /home/site1 or /home/site2). Please share your ideas on the same.
I do not know cPanel but what about all of them being part of the same group...? Then, give the correct permissions to the group.
JD _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On 11/5/2013 3:40 AM, Gopu Krishnan wrote:
I cant own a particular group recursively to /home since each site files inside the /home is having their own username and passwor. I guess i should try setfacl. Will let u knw the results.
for each $USER... usermod -g webdev $USER chgroup -R webdev /home/$USER chmod -R g+rw /home/$USER
done.
On 05.11.2013 18:00, John R Pierce wrote:
On 11/5/2013 3:40 AM, Gopu Krishnan wrote:
I cant own a particular group recursively to /home since each site files inside the /home is having their own username and passwor. I guess i should try setfacl. Will let u knw the results.
for each $USER... usermod -g webdev $USER chgroup -R webdev /home/$USER chmod -R g+rw /home/$USER
done.
If that CPanel runs PHP as suphp or fcgi this will break functionality. I still think setfacl is the least invasive method.
When I set the setfacl, wordpress sites are giving 500 internal server error. I am planning to set a user 'developer' with the home directory as '/home' Inside the /home directory, each site is having its own ownership. For example, /home/site1 should have ownership user1:user1 and /home/site2 should have user2:user2 and so on. If I create a user 'developer' with home directory as /home, would he be able to access and modify the site files inside /home/site1 and /home/site2 which is having different ownership. Its not practical to add the user 'developer' to all the groups user1,user2 etc. Any thoughts on this ?
On Tue, Nov 5, 2013 at 11:42 PM, Nux! nux@li.nux.ro wrote:
On 05.11.2013 18:00, John R Pierce wrote:
On 11/5/2013 3:40 AM, Gopu Krishnan wrote:
I cant own a particular group recursively to /home since each site files inside the /home is having their own username and passwor. I guess i should try setfacl. Will let u knw the results.
for each $USER... usermod -g webdev $USER chgroup -R webdev /home/$USER chmod -R g+rw /home/$USER
done.
If that CPanel runs PHP as suphp or fcgi this will break functionality. I still think setfacl is the least invasive method.
-- Sent from the Delta quadrant using Borg technology!
Nux! www.nux.ro _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
From: Gopu Krishnan gopukrishnantec@gmail.com
When I set the setfacl, wordpress sites are giving 500 internal server error. I am planning to set a user 'developer' with the home directory as '/home' Inside the /home directory, each site is having its own ownership. For example, /home/site1 should have ownership user1:user1 and /home/site2 should have user2:user2 and so on. If I create a user 'developer' with home directory as /home, would he be able to access and modify the site files inside /home/site1 and /home/site2 which is having different ownership. Its not practical to add the user 'developer' to all the groups user1,user2 etc. Any thoughts on this ?
If you do not care too much about security, you could try to SGID the users' directories... Eg. http://www.library.yale.edu/wsg/docs/permissions/sgid.htm
JD
On Tue, Nov 5, 2013 at 11:38 PM, Gopu Krishnan gopukrishnantec@gmail.comwrote:
When I set the setfacl, wordpress sites are giving 500 internal server error. I am planning to set a user 'developer' with the home directory as '/home' Inside the /home directory, each site is having its own ownership. For example, /home/site1 should have ownership user1:user1 and /home/site2 should have user2:user2 and so on. If I create a user 'developer' with home directory as /home, would he be able to access and modify the site files inside /home/site1 and /home/site2 which is having different ownership. Its not practical to add the user 'developer' to all the groups user1,user2 etc. Any thoughts on this ?
I'm no familiar with cpanel. Can you create a user for each web site? (but it seems like you are not doing/wanting that.) If so, you can use something like this for users to login without password:
http://www.linuxproblem.org/art_9.html
What is wrong with having a username for each site with separate password?
-wes
-
Andrew Holway -
Gopu Krishnan -
John Doe -
John R Pierce -
Nux! -
Wes James