Solved

How to let developers modify PHP and HTML files on /var/www/html?

Posted on 2007-03-21
Last Modified: 2012-05-05
Hello Group,

I'm still having a problem granting permission to users (other than root) to be able to develop PHP pages on /var/www/html. What I have done so far, and was expecting to work, is modifying /etc/sudoers as follows:

## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
Developer1  ALL=(ALL)       ALL

The reason I need to do this is because only root can modify the file on the web server. I'm not sure the above procedure is safe or proper, but I will appreciate it if somebody could give me a solution.

regards,
ak


0
Question by:akohan
12 Comments
 
LVL 48

Expert Comment

by:Tintin
ID: 18769467
What you have sure isn't safe by a long mile.

What permissions do you have on /var/www/html and your webpages?  There's no good reason to have them owned by root (unless you have some very unusual requirements).

How do your developers update your website?  Do they copy their changes over the versions in /var/www/html?
0
 
LVL 17

Accepted Solution

by:
psimation earned 260 total points
ID: 18769798
Agree; having root own the /var/www/html is not a good idea.
As a rule of thumb, your websites will each have their own sub folder in /var/www/html. What you can easily do is to "chown" each of your websites to a specific user you create for that website and to give the user write permissions with "chmod". Then, you can edit your vsftpd.conf file to "jail" users to their home directories and voila!

examples:

adduser website_1_user -d /var/www/html/website1
passwd website_1_user

chown -R website_1_user /var/www/html/website1
chmod 755 /var/www/html/website1

now just edit the vsftpd.conf file to ensure that it has at least this in (amongst others):

anonymous_enable=NO
chroot_local_user=YES

service vsftpd restart

Now, if that user ftp to your server, he will have 755 permission ONLY to the /var/www/html/website1 folder.

If you want ( for instance if you are going to have a large number of websites), you can create another user that is part of the "web_admin" group ( you will need to create this group - groupadd), then you can "chown" the webfolder root to that group:

chown new_admin_user:web_admin -R /var/www/html

then, with that "web_admin_user" you will be able to access ALL your websites with that one ftp account.




0
 

Author Comment

by:akohan
ID: 18775521


Thank you so much for the information you shared with me. However, I don't know what VSFTPD.CONF is. Would you please explain this to me?

Thanks,
AK
0

 

Author Comment

by:akohan
ID: 18775523


One more thing: I understand that it is not safe, but what could it cause if somebody works as root on a webpage or does development?

Thanks,
ak
0
 
LVL 48

Expert Comment

by:Tintin
ID: 18776057
If someone works as root on your webpages, then they can change the content of any file, they could destroy the system, absolutely anything.
0
 

Author Comment

by:akohan
ID: 18776220


No, I know that, but what I meant was a REAL ROOT. Is it possible to steal a root password as he/she is working on a page?
I need a good reason to know why working as root, either developing a page or chatting online or anything else, could be risky.





Thank you.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 18776401
What do you mean by "REAL ROOT"?

If a user is root, they have access to all the passwords and can add/delete accounts, change the passwords or anything they like.
0
 

Author Comment

by:akohan
ID: 18776438


Hi Tintin,

Of course, ROOT can change everything. This is obvious, but from your statement I thought you meant the root password can get stolen. Now I know what you said.

However, it seems we are going in a different direction. What I had asked for was VSFTPD.CONF. Does anybody know what it is?

Thanks,
ak
0
 
LVL 48

Expert Comment

by:Tintin
ID: 18777328
vsftpd.conf is the configuration file for vsftp, but from your question, it appears the developers have command line access to the webserver.  Correct?

Let's go back a few steps.

1.  Is there any good reason to have the web pages owned by root?
2.  What restrictions do you wish to place on the developers?
0
 

Author Comment

by:akohan
ID: 18777675

right. They have shell access.

Your questions:
>1.  Is there any good reason to have the web pages owned by root?
     No, and it is not safe. The reason I asked that is because on my new system (Linux FC6) I did set up Apache and PHP. As user I can change a page or develop it. But when I log in as user1 or ... I don't have access to the page; I can just read it, not write. After a discussion with an admin, he told me that I have to modify /etc/sudoers.
I did so but still cannot develop a page due to not having permission to /var/www/html.

What is the proper way of doing this?

>2.  What restrictions do you wish to place on the developers?
I want user1 or user2 ... to be able to modify write/read the PHP and HTML pages, but they must not have all the permissions root has.

Thanks in advance for your help.
AK
0
 
LVL 48

Assisted Solution

by:Tintin
Tintin earned 240 total points
ID: 18777780
If you want user1 and user2 to have read/write permissions on your PHP and HTML pages, then simply make sure they are in the same group, eg: 'devs' then ensure directories have perms of 775 with group set to 'devs' and files set to 664 with group set to 'devs'.

No root access needed.
0
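
The shared-group scheme from the answer above (directories 775, files 664, group set to the developers' group), written out as an added example that is not part of the original thread. The function names `apply_web_perms` and `audit_web_perms` are hypothetical, and the web root and group are passed in as arguments; the audit step reports entries that drift from the scheme, such as a file later created under a 022 umask.

```bash
#!/bin/bash
# Added example, not code from the thread. Function names are hypothetical.
# Usage (once, as the tree's owner or root): script.sh /var/www/html devs

# apply_web_perms ROOT GROUP
# Give GROUP ownership of the tree, directories 775, regular files 664.
# -h keeps chgrp from following symlinks to targets outside the tree.
apply_web_perms() {
    local root=$1 group=$2
    chgrp -hR -- "$group" "$root" || return 1
    find "$root" -type d -exec chmod 775 {} + || return 1
    find "$root" -type f -exec chmod 664 {} + || return 1
}

# audit_web_perms ROOT GROUP
# Print every directory or file whose group or mode deviates from the
# scheme. Returns 0 when the tree is clean, 1 when anything is listed.
# A file created later with umask 022 (mode 644) shows up here, because
# other group members can no longer write to it.
audit_web_perms() {
    local root=$1 group=$2 bad
    bad=$(
        find "$root" -type d \( ! -group "$group" -o ! -perm 775 \) -print
        find "$root" -type f \( ! -group "$group" -o ! -perm 664 \) -print
    )
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Run only when both arguments are supplied on the command line.
if [ "$#" -eq 2 ]; then
    apply_web_perms "$1" "$2" && audit_web_perms "$1" "$2"
fi
```

Developers added to the group edit files under their own accounts, so no entry in /etc/sudoers is involved.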
 

Author Comment

by:akohan
ID: 18783611


As root I gave permission to user1 (my other account) to be able to modify files in /var/www/html

Thanks
ak
0

Question has a verified solution.
