I'm setting up an Ubuntu server that will have 3 or 4 VirtualHosts that I want users to be able to work in (add new files, edit old files, etc.). I currently plan on storing the sites in /var/www but wouldn't be opposed to moving it.
I know how to add new users, I know how to add new groups. I'm unsure of the best way to handle users being only able to edit some sites. I read over the answers here in this question, so I was thinking I could set up a group and add users to that group, but then they'd all have essentially the same permissions. Am I just going to have to assign each user specific permissions? Or is there a better way of handling this?
Added: I should also note that I'll have each user log in via SSH/sFTP. The users would never need to do anything else on the server.
Best Answer
You should use a group for each website, and make all users that need write access members of the respective group.
Now each time the users create files under the /var/www/www.site1.com folder, they should use
umask 0002
(in ~/.bashrc or in the deployment script), or they should set the permissions so that the group has read/write access:
chmod -R g+rw /var/www/www.site1.com 2>/dev/null
Another solution to set the permissions would be to use dnotify. Create the /usr/local/sbin/dnotify_handler-reset_perms.sh script with the following content:
And add to /etc/rc.local:
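An added example, not part of the answer above and not the dnotify script it refers to: it shows what umask 0002 changes for newly created files and audits a site tree for entries the group still cannot write. The function names are hypothetical, and a temporary directory stands in for /var/www/www.site1.com so it runs without root.

```shell
#!/bin/sh
# Added illustration; a temp directory stands in for /var/www/www.site1.com.

# Print the permission string a new file gets when created under umask $1.
new_file_perms() {
    d=$(mktemp -d) || return 1
    ( umask "$1"; : > "$d/probe" )
    ls -ld "$d/probe" | cut -c1-10
    rm -rf "$d"
}

# List everything under site root $1 that group members cannot write.
# Symlinks are skipped: their own mode bits do not control access.
audit_group_write() {
    find "$1" ! -type l ! -perm -020 -print
}

# Build a constructed site tree: one file from a user with the default
# umask 0022, one from a user who set umask 0002 as the answer suggests.
make_sample_site() {
    site=$(mktemp -d) || return 1
    chmod 775 "$site"
    ( umask 0022; : > "$site/index.html" )
    ( umask 0002; : > "$site/about.html" )
    printf '%s\n' "$site"
}

# Demo: show both umask results, audit, repair with the answer's chmod, re-audit.
echo "umask 0022 -> $(new_file_perms 0022)"
echo "umask 0002 -> $(new_file_perms 0002)"
demo_site=$(make_sample_site)
echo "not group-writable before chmod:"
audit_group_write "$demo_site"
chmod -R g+rw "$demo_site" 2>/dev/null
echo "not group-writable after chmod: $(audit_group_write "$demo_site" | wc -l)"
rm -rf "$demo_site"
```

Run against a real site root, audit_group_write shows which files were uploaded without the umask in effect, which is where an sFTP-only user's uploads are likely to appear, since ~/.bashrc is not read for those sessions.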