/ Register

Learn about Centmin Mod LEMP Stack today
Become a Member

Best Practice for a Sudo Developer User?

Discussion in 'System Administration' started by Matt S., Oct 2, 2018.

Tags:
Previous Thread Next Thread
Loading...
  1. Oct 2, 2018 #1
    Matt S.

    Matt S. New Member

    15
    3
    3
    Oct 2, 2018
    Seattle
    Ratings:
    +8
    Local Time:
    9:05 PM
    1.15.5 (031018-171806)
    10.1.36-MariaDB
    I'm a solo web designer/developer and I'm looking to use a Centmin Mod VPS for my own production hosting. I'd like to work with permissions similar to those provisioned by ServerPilot and RunCloud, where a sudo user has enough access to read logs, restart services, and SSH files to multiple web apps under a single account.

    Presently, I'm doing everything as root and I'm 98% sure that's a horrific idea. It makes it easy to SSH into /home/nginx and `git clone` projects into centmin-created virtual hosts, but I also need to `chown nginx:nginx` everything I check out and using root is a bit strong for eventual CI/CD setups that'll use SSH to pull stuff automatically. I don't use the SFTP accounts and I only use keys for authentication.

    I don't need to grant multiple people access, I'd just like to end up with a fairly flexible user for SSH and managing web projects that isn't root. (Unless I'm wrong and I should just get comfortable with that.)

    I'll have a decent understanding of how permissions and groups work, but I'm not sure how I might go about setting up such a user or what to look out for. I know from experience that I'm likely to get a few things wrong and SSH files that aren't owned properly, etc.

    You have my gratitude if you've made it to the end of this verbose post. Any suggestions or criticisms are entirely welcome! :)
     
  2. Oct 2, 2018 #2
    eva2000

    eva2000 Administrator Staff Member

    54,906
    12,240
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,811
    Local Time:
    2:05 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Centmin Mod 123.09beta01 and higher have a tools/addsudousers.sh script created to properly setup sudo users for elevation to root user. You can add a new sudo user i.e. george via below commands
    Code (Text):
    cd /usr/local/src/centminmod/tools
./addsudousers.sh george

    Note files uploaded by sudo user won't be owned by nginx user/group so if you have web apps that use such sudo user uploaded files, the web server and php won't be able those sudo user uploaded files as they'd have their own permissions and home directory i.e. /home/sudousername

    However, Centmin Mod and it's centmin.sh menu are intended to be used as root user so if you're running centmin.sh or centmin mod tools/scripts/addons use root user.

    With that said some non-Centmin Mod related menu tasks you could do as a sudo user but if you're concerned with uploading files with right permissions, just use the nginx vhost created site's pure-ftpd virtual ftp user which uploads file as nginx user/group by default.
     
  3. Oct 2, 2018 #3
    Matt S.

    Matt S. New Member

    15
    3
    3
    Oct 2, 2018
    Seattle
    Ratings:
    +8
    Local Time:
    9:05 PM
    1.15.5 (031018-171806)
    10.1.36-MariaDB
    Thank you, @eva2000. I'm running 123.09beta01 and missed the sudo users tool. I've avoided using the individual vhost users because it'd mean managing significantly more credentials as I'm staging+changing apps frequently. I also SSH and git pull files only and rarely FTP anything around.

    Sounds like it'd be best to just add a sudo user, work primarily with that day to day, and be mindful of permissions within /home/nginx/. Works for me!
     
  4. Oct 4, 2018 #4
    Matt S.

    Matt S. New Member

    15
    3
    3
    Oct 2, 2018
    Seattle
    Ratings:
    +8
    Local Time:
    9:05 PM
    1.15.5 (031018-171806)
    10.1.36-MariaDB
    I apologize if I'm being daft @eva2000, but am I wrong to expect that tools/addsudousers.sh should create the system user and make that user a sudoer?

    When I run
    Code:
    /usr/local/src/centminmod/tools/addsudousers.sh foo
    (123.09beta01), there is no output and seemingly no activity. I presume that's because of the check for /etc/sudoers.d, which doesn't exist on my system.
     
  5. Oct 4, 2018 #5
    eva2000

    eva2000 Administrator Staff Member

    54,906
    12,240
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,811
    Local Time:
    2:05 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    what OS version you using CentOS 6.x or 7.x ? strange both versions should have that directory
     
  6. Oct 4, 2018 #6
    Matt S.

    Matt S. New Member

    15
    3
    3
    Oct 2, 2018
    Seattle
    Ratings:
    +8
    Local Time:
    9:05 PM
    1.15.5 (031018-171806)
    10.1.36-MariaDB
    CentOS 7.5.1804
     
  7. Oct 4, 2018 #7
    eva2000

    eva2000 Administrator Staff Member

    54,906
    12,240
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,811
    Local Time:
    2:05 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    try installing sudo yum package then it might be missing which I haven't seen before on default CentOS images. Who's your web host / plan ?

    Code (Text):
    yum -y install sudo
     
  8. Oct 4, 2018 #8
    Matt S.

    Matt S. New Member

    15
    3
    3
    Oct 2, 2018
    Seattle
    Ratings:
    +8
    Local Time:
    9:05 PM
    1.15.5 (031018-171806)
    10.1.36-MariaDB
    That did it, thanks @eva2000!

    It's a RamNode 2GB OpenVZ server I provisioned on 9/30/18 with CentOS 7 x86_64 Minimal. The Centmin Mod install also took a really long time (I forget how many seconds), so I'm guessing this is all because I chose that "minimal" variant.
     
  9. Oct 4, 2018 #9
    eva2000

    eva2000 Administrator Staff Member

    54,906
    12,240
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,811
    Local Time:
    2:05 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Great to hear. You can recheck your install times as install log is in /root/centminlogs

    to find the relevant log files in /root/centminlogs you can use this list (ls) command with ascending time order so newest files on the bottom
    Code (Text):
    ls -lahrt /root/centminlogs | egrep 'install_time_stats|_install'

    example
    Code (Text):
    ls -lahrt /root/centminlogs | egrep 'install_time_stats|_install'        
-rw-r--r--  1 root root 4.2M Aug 22 23:24 centminmod_123.09beta01.b052_220818-190244_install.log
-rw-r--r--  1 root root    8 Aug 22 23:24 getcmtime_installtime_220818-185618.log
-rw-r--r--  1 root root   56 Aug 22 23:24 firstyum_installtime_220818-185618.log
-rw-r--r--  1 root root  795 Aug 22 23:24 install_time_stats_220818-185618.log

    and use cat to output contents of log to screen
    Code (Text):
    cat /root/centminlogs/install_time_stats_220818-185618.log
---------------------------------------------------------------------------
Total Curl Installer YUM or DNF Time: 213.5361 seconds
Total YUM Time: 17.751741486 seconds
Total YUM or DNF + Source Download Time: 58.3451
Total Nginx First Time Install Time: 402.1848
Total PHP First Time Install Time: 393.0506
Download Zip From Github Time: 0.0000
Total Time Other eg. source compiles: 448.2321
Total Centmin Mod Install Time: 1301.8126
---------------------------------------------------------------------------
Total Install Time (curl yum + cm install + zip download): 1515.3487 seconds
---------------------------------------------------------------------------
2 Intel(R) Xeon(R) Silver 4114 CPU @ 2.20GHz
2 2199.992
---------------------------------------------------------------------------
     
  10. Oct 4, 2018 #10
    Matt S.

    Matt S. New Member

    15
    3
    3
    Oct 2, 2018
    Seattle
    Ratings:
    +8
    Local Time:
    9:05 PM
    1.15.5 (031018-171806)
    10.1.36-MariaDB
    Ah, thanks! Looks like it wasn't that bad...

    Code:
    ---------------------------------------------------------------------------
Total Curl Installer YUM or DNF Time: 304.5017 seconds
Total YUM Time: 27.878996513 seconds
Total YUM or DNF + Source Download Time: 81.5366
Total Nginx First Time Install Time: 808.2832
Total PHP First Time Install Time: 788.1609
Download Zip From Github Time: 0.0000
Total Time Other eg. source compiles: 676.1986
Total Centmin Mod Install Time: 2354.1794
---------------------------------------------------------------------------
Total Install Time (curl yum + cm install + zip download): 2658.6811 seconds
---------------------------------------------------------------------------
2 Intel(R) Xeon(R) CPU E5-2630 v3 @ 2.40GHz
2 2400.147
---------------------------------------------------------------------------
     
  11. Oct 4, 2018 #11
    eva2000

    eva2000 Administrator Staff Member

    54,906
    12,240
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,811
    Local Time:
    2:05 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Does look kind of show for 2 core E3-2630v3... was that standard betainstaller.sh or betainstaller7.sh or betainstaller-latest.sh as latter 2 install more stuff and PHP 7 installs take longer than default betainstaller.sh's PHP 5.6 install so could account for the slower total install times
     
  12. Oct 4, 2018 #12
    Matt S.

    Matt S. New Member

    15
    3
    3
    Oct 2, 2018
    Seattle
    Ratings:
    +8
    Local Time:
    9:05 PM
    1.15.5 (031018-171806)
    10.1.36-MariaDB
    @eva2000 I used betainstaller72.sh, and in hindsight it's looking like I was just impatient. I'd already seen some install times people shared around here from much beefier machines.
     
  13. Oct 4, 2018 #13
    eva2000

    eva2000 Administrator Staff Member

    54,906
    12,240
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,811
    Local Time:
    2:05 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Ah that would explain it PHP 7 takes longer to compiler and install than PHP 5.6 so using the betainstaller72.sh those install times look about right :)
     
  14. Oct 4, 2018 #14
    Matt S.

    Matt S. New Member

    15
    3
    3
    Oct 2, 2018
    Seattle
    Ratings:
    +8
    Local Time:
    9:05 PM
    1.15.5 (031018-171806)
    10.1.36-MariaDB
    Thanks @eva2000! Your comments are both helpful and reassuring.
     
Previous Thread Next Thread
Loading...

.