Solved

How to let developers to modify php and html files on /var/www/html ?

Posted on 2007-03-21
12
211 Views
Last Modified: 2012-05-05
Hello Group,

Still I'm having problem in grantting permission to users (other than root) to be able to develop PHP pages on /var/www/html; What I have done so far and was expecting to work is modifiing /etc/sudoers as following:

## Allow root to run any commands anywhere
root    ALL=(ALL)       ALL
Developer1  ALL=(ALL)       ALL

The reason I need to do this is because only root can modify the file on web server. I'm not sure the above procedure is safe or proper but will appreciate it if somebody could give me a solution.

regards,
ak


0
Comment
Question by:akohan
  • 6
  • 5
12 Comments
 
LVL 48

Expert Comment

by:Tintin
ID: 18769467
What you have sure isn't safe by a long mile.

What permissions do you have on /var/www/html and your webpages?  There's no good reason to have them owned by root (unless you have some very unusual requirements).

How do your developers update your website?  Do copy their changes over the versions in /var/www/html?
0
 
LVL 17

Accepted Solution

by:
psimation earned 65 total points
ID: 18769798
Agree; having root own the /var/www/html is not a good idea.
As a rule of thumb, your websites will each have their own sub folder in /var/www/html. What you can easily do is to "chown" each of your websites to a specific user you create for that website and to give the user write permissions with "chmod". Then, you can edit your vsftpd.conf file to "jail" users to their home directories and voila!

examples:

adduser website_1_user -d /var/www/html/website1
passwd website_1_user

chown -R website_1_user /var/www/html/website1
chmod 755 /var/www/html/website1

now just edit the vsftpd.conf file to ensure that it has at least this in (amongst others):

anonymous_enable=NO
chroot_local_user=YES

service vsftpd restart

Now, if that user ftp to your server, he will have 755 permission ONLY to the /var/www/html/website1 folder.

If you want ( for instance if you are going to have a large number of websites), you can create another user that is part of the "web_admin" group ( you will need to create this group - groupadd), then you can "chown" the webfolder root to that group:

chown new_admin_user:web_admin -R /var/www/html

then, with that "web_admin_user" you will be able to access ALL your websites with that one ftp account.




0
 

Author Comment

by:akohan
ID: 18775521


Thank you so much for your the information you shared with me. However, I don't know what VSFTPD.CONF is. Would you please explain this to me?

Thanks,
AK
0
 

Author Comment

by:akohan
ID: 18775523


One more thing, I understand that it is not safe but what could cause if somebody works as root on a webpage or doing development.

Thanks,
ak
0
 
LVL 48

Expert Comment

by:Tintin
ID: 18776057
If someone works as root on your webpages, then they can change the content of any file, they could destroy the system, absolutely anything.
0
 

Author Comment

by:akohan
ID: 18776220


No, I know that but what I meant was a REAL ROOT. Is it possible to steal a root password as he/she is working on a page?
I need a good reason to know why working as root either developeing a page or chatting online or anything else  could be risky?





Thank you.
0
New! My Passport Wireless Pro Wi-Fi Mobile Storage

Portable wireless storage to offload, edit, and stream anywhere.

High-capacity, wireless mobile storage designed to accompany professional photographers and videographers in the field to easily offload, edit and stream captured photos and high-definition videos.

 
LVL 48

Expert Comment

by:Tintin
ID: 18776401
What do you mean by "REAL ROOT"?

If a user is root, they have access to all the passwords and change add/delete accounts, change the passwords or anything they like.
0
 

Author Comment

by:akohan
ID: 18776438


Hi Tintin,

Of course, ROOT can change everything. This is obvious but from your statement I thought you meant root password can get stolen. Now I know what you said.

However, It seems we are going to a different direction. What I had ask for was VSFTPD.CONF. Does anybody know what it is?

Thanks,
ak
0
 
LVL 48

Expert Comment

by:Tintin
ID: 18777328
vsftpd.conf is the configuration file for vsftp, but from your question, it appears the developers have command line access to the webserver.  Correct?

Let's go back a few steps.

1.  Is there any good reason to have the web pages owned by root?
2.  What restrictions do you wish to place on the developers?
0
 

Author Comment

by:akohan
ID: 18777675

right. They have shell access.

Your questions:
>1.  Is there any good reason to have the web pages owned by root?
     No and it is not safe. The reason I asked that is because on my new system (Linux FC6) I did setup apahce and php. As user I can change a page or develop it. But when I login as user1 or ... I don't have access to the page I just can read it not to write. After discussion with an Admin he told me that I have to modify the /etc/sudoers;
I did so but still cannot develop a page due to not having permission to /var/www/html

What is the proper of doing this?

>2.  What restrictions do you wish to place on the developers?
I want user1 or user2 ... be able to modify write/read the PHP and HTML pages but must not have all premissions root has.

Thanks in advance for your help.
AK
0
 
LVL 48

Assisted Solution

by:Tintin
Tintin earned 60 total points
ID: 18777780
If you want user1 and user2 to have read/write permissions on your PHP and HTML pages, then simply make sure they are in the same group, eg: 'devs' then ensure directories have perms of 775 with group set to 'devs' and files set to 664 with group set to 'devs'.

No root access needed.
0
 

Author Comment

by:akohan
ID: 18783611


As root I gave permission to user1 (my other account) to be able to modify files in /var/www/html

Thanks
ak
0

Featured Post

Scale it in WD Gold

With up to ten times the workload capacity of desktop drives, WD Gold hard drives employ advanced technology to deliver among the best in reliability, capacity, power efficiency and performance.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Introduction This article explores the design of a cache system that can improve the performance of a web site or web application.  The assumption is that the web site has many more “read” operations than “write” operations (this is commonly the ca…
Fine Tune your automatic Updates for Ubuntu / Debian
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now