Solved

how to set up linux permissions for contractor?

Posted on 2010-11-17
3
373 Views
Last Modified: 2012-05-10
I am setting up a webserver for a contractor to use.  i want to give them permissions to log in, upload files to the website, restart apache if needed, and set up the postrgres db.  what is the best practice for doing this?  i want to give them enough permissions to get the job done, but not too many permissions they dont need.
0
Comment
Question by:trip008vk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 5

Expert Comment

by:dacasey
ID: 34157643
Create an account for him.  Add him to the apache group, postgres and other groups as necessary.

adduser consultant

vi \etc\group   <- add the newly created user to al groups you think he will need.
0
 
LVL 7

Accepted Solution

by:
Hatrix76 earned 250 total points
ID: 34162785
NEVER EVER touch /etc/passwd or /etc/group directly!

You should never do that, but use the tools the system provides you with.

usermod -a -G <group> <user>


to add a user to groups

for sudo, use visudo, etc.


So, having this out of the way, your answer depends deeply on which distribution of linux you will use, in centos i would do:

He should be able to watch the logfiles of httpd, as they are world-readable

allow him to restart apache with sudo (use visudo) add:
<username> ALL=/etc/init.d/httpd start, /etc/init.d/httpd stop,/etc/init.d/httpd restart, /sbin/services httpd restart

then add him to the group you use for the website (like apache) and make sure the upload directory for the webpage has group read-write-execute permissions on them.

Then, create him an postgresql user account which is allowed to create databases and you should be good to go. With this account he should be able to administrate his databases.
0
 

Author Closing Comment

by:trip008vk
ID: 34168257
Thank you, Hatrix76.  this is along the lines of what i had been thinking.  dacasey's "solution" wasn't helpful at all
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The purpose of this article is to demonstrate how we can upgrade Python from version 2.7.6 to Python 2.7.10 on the Linux Mint operating system. I am using an Oracle Virtual Box where I have installed Linux Mint operating system version 17.2. Once yo…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question