Solved

How to let developers modify PHP and HTML files in /var/www/html?

Posted on 2007-03-21
Last Modified: 2012-05-05
Hello Group,

I'm still having a problem granting permission to users (other than root) to be able to develop PHP pages in /var/www/html. What I have done so far, and was expecting to work, is modifying /etc/sudoers as follows:

## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
Developer1  ALL=(ALL)       ALL

The reason I need to do this is because only root can modify the files on the web server. I'm not sure the above procedure is safe or proper, but I will appreciate it if somebody could give me a solution.

regards,
ak


Question by:akohan
12 Comments
 
LVL 48

Expert Comment

by:Tintin
ID: 18769467
What you have sure isn't safe by a long mile.

What permissions do you have on /var/www/html and your webpages?  There's no good reason to have them owned by root (unless you have some very unusual requirements).

How do your developers update your website?  Do they copy their changes over the versions in /var/www/html?
0
 
LVL 17

Accepted Solution

by:
psimation earned 260 total points
ID: 18769798
Agree; having root own the /var/www/html is not a good idea.
As a rule of thumb, your websites will each have their own sub folder in /var/www/html. What you can easily do is to "chown" each of your websites to a specific user you create for that website and to give the user write permissions with "chmod". Then, you can edit your vsftpd.conf file to "jail" users to their home directories and voila!

examples:

adduser website_1_user -d /var/www/html/website1
passwd website_1_user

chown -R website_1_user /var/www/html/website1
chmod 755 /var/www/html/website1

now just edit the vsftpd.conf file to ensure that it has at least this in (amongst others):

anonymous_enable=NO
chroot_local_user=YES

service vsftpd restart

Now, if that user FTPs to your server, he will have 755 permission ONLY to the /var/www/html/website1 folder.

If you want (for instance, if you are going to have a large number of websites), you can create another user that is part of the "web_admin" group (you will need to create this group with groupadd), then you can "chown" the webfolder root to that group:

chown new_admin_user:web_admin -R /var/www/html

then, with that "web_admin_user" you will be able to access ALL your websites with that one ftp account.




0
 

Author Comment

by:akohan
ID: 18775521


Thank you so much for the information you shared with me. However, I don't know what VSFTPD.CONF is. Would you please explain this to me?

Thanks,
AK
0

 

Author Comment

by:akohan
ID: 18775523


One more thing: I understand that it is not safe, but what could it cause if somebody works as root on a webpage or does development?

Thanks,
ak
0
 
LVL 48

Expert Comment

by:Tintin
ID: 18776057
If someone works as root on your webpages, then they can change the content of any file, they could destroy the system, absolutely anything.
0
 

Author Comment

by:akohan
ID: 18776220


No, I know that, but what I meant was a REAL ROOT. Is it possible to steal a root password as he/she is working on a page?
I need a good reason to know why working as root, either developing a page or chatting online or anything else, could be risky?





Thank you.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 18776401
What do you mean by "REAL ROOT"?

If a user is root, they have access to all the passwords and can add/delete accounts, change the passwords or do anything they like.
0
 

Author Comment

by:akohan
ID: 18776438


Hi Tintin,

Of course, ROOT can change everything. This is obvious, but from your statement I thought you meant the root password can get stolen. Now I know what you said.

However, it seems we are going in a different direction. What I had asked for was VSFTPD.CONF. Does anybody know what it is?

Thanks,
ak
0
 
LVL 48

Expert Comment

by:Tintin
ID: 18777328
vsftpd.conf is the configuration file for vsftp, but from your question, it appears the developers have command line access to the webserver.  Correct?

Let's go back a few steps.

1.  Is there any good reason to have the web pages owned by root?
2.  What restrictions do you wish to place on the developers?
0
 

Author Comment

by:akohan
ID: 18777675

right. They have shell access.

Your questions:
>1.  Is there any good reason to have the web pages owned by root?
     No, and it is not safe. The reason I asked that is because on my new system (Linux FC6) I did set up Apache and PHP. As user I can change a page or develop it. But when I log in as user1 or ... I don't have access to the page; I can just read it, not write. After a discussion with an admin, he told me that I have to modify /etc/sudoers;
I did so but still cannot develop a page due to not having permission to /var/www/html

What is the proper way of doing this?

>2.  What restrictions do you wish to place on the developers?
I want user1 or user2 ... to be able to modify (write/read) the PHP and HTML pages, but they must not have all the permissions root has.

Thanks in advance for your help.
AK
0
 
LVL 48

Assisted Solution

by:Tintin
Tintin earned 240 total points
ID: 18777780
If you want user1 and user2 to have read/write permissions on your PHP and HTML pages, then simply make sure they are in the same group, eg: 'devs' then ensure directories have perms of 775 with group set to 'devs' and files set to 664 with group set to 'devs'.

No root access needed.
0
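The group-based scheme from the answer above, as an added example that is not part of the original thread. The function names `apply_dev_perms` and `audit_dev_perms` are hypothetical, the group is assumed to exist already, and the setgid bit (2775 rather than plain 775) goes beyond the answer so that files created by one developer stay in the shared group; developers also need a umask of 002 for new files to come out group-writable.

```shell
#!/bin/sh
# Added example: apply and audit a shared-group permission scheme on a web root.
# Assumptions: the group (e.g. 'devs') already exists and the developers are
# members of it (groupadd devs; usermod -aG devs user1). Run the apply step
# as the owner of the tree or as root, once, instead of handing out sudo ALL.

# apply_dev_perms DOCROOT GROUP
# Directories -> 2775 (setgid: new entries inherit GROUP), files -> 664.
apply_dev_perms() {
    docroot=$1; group=$2
    [ -d "$docroot" ] || { echo "not a directory: $docroot" >&2; return 2; }
    chgrp -R "$group" "$docroot" || return 1
    find "$docroot" -type d -exec chmod 2775 {} + || return 1
    find "$docroot" -type f -exec chmod 664 {} + || return 1
}

# audit_dev_perms DOCROOT GROUP
# Prints every path that deviates from the scheme: wrong group, a directory
# that is not 2775, a file that is not 664, or anything world-writable.
# Symlinks are skipped because their own mode bits are not meaningful.
# Empty output means the tree is consistent.
audit_dev_perms() {
    docroot=$1; group=$2
    find "$docroot" ! -type l \( \
            ! -group "$group" \
            -o \( -type d ! -perm 2775 \) \
            -o \( -type f ! -perm 664 \) \
            -o -perm -002 \
        \) -print
}

# Typical use (paths and group name are examples):
#   apply_dev_perms /var/www/html devs
#   audit_dev_perms /var/www/html devs    # rerun from cron to catch drift
```

The audit is worth rerunning after deployments, since files copied in with `cp -p` or unpacked from archives often arrive with a different group or mode.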
 

Author Comment

by:akohan
ID: 18783611


As root I gave permission to user1 (my other account) to be able to modify files in /var/www/html

Thanks
ak
0
