How to let developers modify PHP and HTML files on /var/www/html?

Hello Group,

I'm still having a problem granting permission to users (other than root) to be able to develop PHP pages on /var/www/html. What I have done so far, and was expecting to work, is modifying /etc/sudoers as follows:

## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
Developer1  ALL=(ALL)       ALL

The reason I need to do this is because only root can modify the file on web server. I'm not sure the above procedure is safe or proper but will appreciate it if somebody could give me a solution.

regards,
ak


akohan Asked:

psimation Commented:
Agree; having root own the /var/www/html is not a good idea.
As a rule of thumb, your websites will each have their own sub folder in /var/www/html. What you can easily do is to "chown" each of your websites to a specific user you create for that website and to give the user write permissions with "chmod". Then, you can edit your vsftpd.conf file to "jail" users to their home directories and voila!

examples:

adduser website_1_user -d /var/www/html/website1
passwd website_1_user

chown -R website_1_user /var/www/html/website1
chmod 755 /var/www/html/website1

Now just edit the vsftpd.conf file to ensure that it contains at least this (amongst others):

anonymous_enable=NO
chroot_local_user=YES

service vsftpd restart

Now, if that user FTPs to your server, he will have 755 permission ONLY to the /var/www/html/website1 folder.

If you want (for instance, if you are going to have a large number of websites), you can create another user that is part of the "web_admin" group (you will need to create this group with groupadd), then you can "chown" the webfolder root to that group:

chown new_admin_user:web_admin -R /var/www/html

Then, with that "web_admin_user" you will be able to access ALL your websites with that one ftp account.




Tintin Commented:
What you have sure isn't safe by a long mile.

What permissions do you have on /var/www/html and your webpages?  There's no good reason to have them owned by root (unless you have some very unusual requirements).

How do your developers update your website?  Do they copy their changes over the versions in /var/www/html?

akohan Author Commented:


Thank you so much for the information you shared with me. However, I don't know what VSFTPD.CONF is. Would you please explain this to me?

Thanks,
AK
 
akohan Author Commented:


One more thing: I understand that it is not safe, but what could it cause if somebody works as root on a webpage or does development?

Thanks,
ak

Tintin Commented:
If someone works as root on your webpages, then they can change the content of any file, they could destroy the system, absolutely anything.

akohan Author Commented:


No, I know that, but what I meant was a REAL ROOT. Is it possible to steal a root password as he/she is working on a page?
I need a good reason to know why working as root, either developing a page or chatting online or anything else, could be risky.





Thank you.

Tintin Commented:
What do you mean by "REAL ROOT"?

If a user is root, they have access to all the passwords and can add/delete accounts, change the passwords or anything they like.

akohan Author Commented:


Hi Tintin,

Of course, ROOT can change everything. This is obvious but from your statement I thought you meant root password can get stolen. Now I know what you said.

However, it seems we are going in a different direction. What I had asked for was VSFTPD.CONF. Does anybody know what it is?

Thanks,
ak

Tintin Commented:
vsftpd.conf is the configuration file for vsftp, but from your question, it appears the developers have command line access to the webserver.  Correct?

Let's go back a few steps.

1.  Is there any good reason to have the web pages owned by root?
2.  What restrictions do you wish to place on the developers?

akohan Author Commented:

Right. They have shell access.

Your questions:
>1.  Is there any good reason to have the web pages owned by root?
No, and it is not safe. The reason I asked is that on my new system (Linux FC6) I set up Apache and PHP. As user I can change a page or develop it. But when I log in as user1 or ... I don't have access to the page; I can only read it, not write. After a discussion with an admin, he told me that I have to modify /etc/sudoers.
I did so but still cannot develop a page due to not having permission to /var/www/html.

What is the proper way of doing this?

>2.  What restrictions do you wish to place on the developers?
I want user1 or user2 ... to be able to modify (write/read) the PHP and HTML pages, but they must not have all the permissions root has.

Thanks in advance for your help.
AK

Tintin Commented:
If you want user1 and user2 to have read/write permissions on your PHP and HTML pages, then simply make sure they are in the same group, eg: 'devs' then ensure directories have perms of 775 with group set to 'devs' and files set to 664 with group set to 'devs'.

No root access needed.
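
The group-based layout from the answer above, as an added example that is not part of the original thread: one function applies group ownership with 775 directories and 664 files, and a second lists anything that deviates, so drift can be checked later. The function names `apply_docroot` and `audit_docroot` are hypothetical; 'devs' and the modes come from the answer.

```sh
#!/bin/sh
# Added example, not from the thread. One-time setup, run as root
# (group name 'devs' as in the answer; user1/user2 as in the question):
#   groupadd devs
#   usermod -a -G devs user1
#   usermod -a -G devs user2
#   apply_docroot /var/www/html devs

# Give GROUP ownership of everything under DOCROOT, then set
# directories to 775 and regular files to 664.
apply_docroot() {
    docroot=$1
    group=$2
    # -h changes a symlink itself instead of the file it points to, so a
    # link planted inside the tree cannot redirect the change elsewhere.
    chgrp -hR "$group" "$docroot" &&
    find "$docroot" -type d -exec chmod 775 {} + &&
    find "$docroot" -type f -exec chmod 664 {} +
}

# Print every path under DOCROOT that breaks the scheme: wrong group,
# directory not exactly 775, or regular file not exactly 664.
# Empty output means the tree conforms.
audit_docroot() {
    docroot=$1
    group=$2
    find "$docroot" \( ! -group "$group" \) -o \
        \( -type d ! -perm 775 \) -o \
        \( -type f ! -perm 664 \)
}
```

Files the developers create later take the creator's primary group unless the directories also carry the setgid bit (`chmod g+s`), which goes beyond the 775 stated in the answer; `audit_docroot` as written would then need to expect 2775 on directories.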

akohan Author Commented:


As root I gave permission to user1 (my other account) to be able to modify files in /var/www/html

Thanks
ak