Want to subscribe to topics you're interested in?
Become a Member

Best Practice for a Sudo Developer User?

Discussion in 'System Administration' started by Matt S., Oct 2, 2018.

Tags:
  1. Matt S.

    Matt S. New Member

    15
    3
    3
    Oct 2, 2018
    Seattle
    Ratings:
    +8
    Local Time:
    12:25 PM
    1.15.5 (031018-171806)
    10.1.36-MariaDB
    I'm a solo web designer/developer and I'm looking to use a Centmin Mod VPS for my own production hosting. I'd like to work with permissions similar to those provisioned by ServerPilot and RunCloud, where a sudo user has enough access to read logs, restart services, and SSH files to multiple web apps under a single account.

    Presently, I'm doing everything as root and I'm 98% sure that's a horrific idea. It makes it easy to SSH into /home/nginx and `git clone` projects into centmin-created virtual hosts, but I also need to `chown nginx:nginx` everything I check out and using root is a bit strong for eventual CI/CD setups that'll use SSH to pull stuff automatically. I don't use the SFTP accounts and I only use keys for authentication.

    I don't need to grant multiple people access, I'd just like to end up with a fairly flexible user for SSH and managing web projects that isn't root. (Unless I'm wrong and I should just get comfortable with that.)

    I'll have a decent understanding of how permissions and groups work, but I'm not sure how I might go about setting up such a user or what to look out for. I know from experience that I'm likely to get a few things wrong and SSH files that aren't owned properly, etc.

    You have my gratitude if you've made it to the end of this verbose post. Any suggestions or criticisms are entirely welcome! :)
     
  2. eva2000

    eva2000 Administrator Staff Member

    40,634
    9,023
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,891
    Local Time:
    5:25 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Centmin Mod 123.09beta01 and higher have a tools/addsudousers.sh script created to properly setup sudo users for elevation to root user. You can add a new sudo user i.e. george via below commands
    Code (Text):
    cd /usr/local/src/centminmod/tools
    ./addsudousers.sh george
    

    Note files uploaded by sudo user won't be owned by nginx user/group so if you have web apps that use such sudo user uploaded files, the web server and php won't be able those sudo user uploaded files as they'd have their own permissions and home directory i.e. /home/sudousername

    However, Centmin Mod and it's centmin.sh menu are intended to be used as root user so if you're running centmin.sh or centmin mod tools/scripts/addons use root user.

    With that said some non-Centmin Mod related menu tasks you could do as a sudo user but if you're concerned with uploading files with right permissions, just use the nginx vhost created site's pure-ftpd virtual ftp user which uploads file as nginx user/group by default.
     
  3. Matt S.

    Matt S. New Member

    15
    3
    3
    Oct 2, 2018
    Seattle
    Ratings:
    +8
    Local Time:
    12:25 PM
    1.15.5 (031018-171806)
    10.1.36-MariaDB
    Thank you, @eva2000. I'm running 123.09beta01 and missed the sudo users tool. I've avoided using the individual vhost users because it'd mean managing significantly more credentials as I'm staging+changing apps frequently. I also SSH and git pull files only and rarely FTP anything around.

    Sounds like it'd be best to just add a sudo user, work primarily with that day to day, and be mindful of permissions within /home/nginx/. Works for me!
     
    style="display:inline-block;min-width:400px;max-width:970px;width:95%;height:90px" data-ad-client="ca-pub-6669518204467592" data-ad-slot="4024536743" data-ad-format="auto">
  4. Matt S.

    Matt S. New Member

    15
    3
    3
    Oct 2, 2018
    Seattle
    Ratings:
    +8
    Local Time:
    12:25 PM
    1.15.5 (031018-171806)
    10.1.36-MariaDB
    I apologize if I'm being daft @eva2000, but am I wrong to expect that tools/addsudousers.sh should create the system user and make that user a sudoer?

    When I run
    Code:
    /usr/local/src/centminmod/tools/addsudousers.sh foo
    (123.09beta01), there is no output and seemingly no activity. I presume that's because of the check for /etc/sudoers.d, which doesn't exist on my system.
     
  5. eva2000

    eva2000 Administrator Staff Member

    40,634
    9,023
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,891
    Local Time:
    5:25 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    what OS version you using CentOS 6.x or 7.x ? strange both versions should have that directory
     
  6. Matt S.

    Matt S. New Member

    15
    3
    3
    Oct 2, 2018
    Seattle
    Ratings:
    +8
    Local Time:
    12:25 PM
    1.15.5 (031018-171806)
    10.1.36-MariaDB
    CentOS 7.5.1804
     
  7. eva2000

    eva2000 Administrator Staff Member

    40,634
    9,023
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,891
    Local Time:
    5:25 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    try installing sudo yum package then it might be missing which I haven't seen before on default CentOS images. Who's your web host / plan ?

    Code (Text):
    yum -y install sudo
    
     
  8. Matt S.

    Matt S. New Member

    15
    3
    3
    Oct 2, 2018
    Seattle
    Ratings:
    +8
    Local Time:
    12:25 PM
    1.15.5 (031018-171806)
    10.1.36-MariaDB
    That did it, thanks @eva2000!

    It's a RamNode 2GB OpenVZ server I provisioned on 9/30/18 with CentOS 7 x86_64 Minimal. The Centmin Mod install also took a really long time (I forget how many seconds), so I'm guessing this is all because I chose that "minimal" variant.
     
    • Informative Informative x 1
  9. eva2000

    eva2000 Administrator Staff Member

    40,634
    9,023
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,891
    Local Time:
    5:25 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Great to hear. You can recheck your install times as install log is in /root/centminlogs

    to find the relevant log files in /root/centminlogs you can use this list (ls) command with ascending time order so newest files on the bottom
    Code (Text):
    ls -lahrt /root/centminlogs | egrep 'install_time_stats|_install'
    

    example
    Code (Text):
    ls -lahrt /root/centminlogs | egrep 'install_time_stats|_install'        
    -rw-r--r--  1 root root 4.2M Aug 22 23:24 centminmod_123.09beta01.b052_220818-190244_install.log
    -rw-r--r--  1 root root    8 Aug 22 23:24 getcmtime_installtime_220818-185618.log
    -rw-r--r--  1 root root   56 Aug 22 23:24 firstyum_installtime_220818-185618.log
    -rw-r--r--  1 root root  795 Aug 22 23:24 install_time_stats_220818-185618.log
    

    and use cat to output contents of log to screen
    Code (Text):
    cat /root/centminlogs/install_time_stats_220818-185618.log
    ---------------------------------------------------------------------------
    Total Curl Installer YUM or DNF Time: 213.5361 seconds
    Total YUM Time: 17.751741486 seconds
    Total YUM or DNF + Source Download Time: 58.3451
    Total Nginx First Time Install Time: 402.1848
    Total PHP First Time Install Time: 393.0506
    Download Zip From Github Time: 0.0000
    Total Time Other eg. source compiles: 448.2321
    Total Centmin Mod Install Time: 1301.8126
    ---------------------------------------------------------------------------
    Total Install Time (curl yum + cm install + zip download): 1515.3487 seconds
    ---------------------------------------------------------------------------
    2 Intel(R) Xeon(R) Silver 4114 CPU @ 2.20GHz
    2 2199.992
    ---------------------------------------------------------------------------
    
     
  10. Matt S.

    Matt S. New Member

    15
    3
    3
    Oct 2, 2018
    Seattle
    Ratings:
    +8
    Local Time:
    12:25 PM
    1.15.5 (031018-171806)
    10.1.36-MariaDB
    Ah, thanks! Looks like it wasn't that bad...

    Code:
    ---------------------------------------------------------------------------
    Total Curl Installer YUM or DNF Time: 304.5017 seconds
    Total YUM Time: 27.878996513 seconds
    Total YUM or DNF + Source Download Time: 81.5366
    Total Nginx First Time Install Time: 808.2832
    Total PHP First Time Install Time: 788.1609
    Download Zip From Github Time: 0.0000
    Total Time Other eg. source compiles: 676.1986
    Total Centmin Mod Install Time: 2354.1794
    ---------------------------------------------------------------------------
    Total Install Time (curl yum + cm install + zip download): 2658.6811 seconds
    ---------------------------------------------------------------------------
    2 Intel(R) Xeon(R) CPU E5-2630 v3 @ 2.40GHz
    2 2400.147
    ---------------------------------------------------------------------------
     
  11. eva2000

    eva2000 Administrator Staff Member

    40,634
    9,023
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,891
    Local Time:
    5:25 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Does look kind of show for 2 core E3-2630v3... was that standard betainstaller.sh or betainstaller7.sh or betainstaller-latest.sh as latter 2 install more stuff and PHP 7 installs take longer than default betainstaller.sh's PHP 5.6 install so could account for the slower total install times
     
  12. Matt S.

    Matt S. New Member

    15
    3
    3
    Oct 2, 2018
    Seattle
    Ratings:
    +8
    Local Time:
    12:25 PM
    1.15.5 (031018-171806)
    10.1.36-MariaDB
    @eva2000 I used betainstaller72.sh, and in hindsight it's looking like I was just impatient. I'd already seen some install times people shared around here from much beefier machines.
     
  13. eva2000

    eva2000 Administrator Staff Member

    40,634
    9,023
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +13,891
    Local Time:
    5:25 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    Ah that would explain it PHP 7 takes longer to compiler and install than PHP 5.6 so using the betainstaller72.sh those install times look about right :)
     
  14. Matt S.

    Matt S. New Member

    15
    3
    3
    Oct 2, 2018
    Seattle
    Ratings:
    +8
    Local Time:
    12:25 PM
    1.15.5 (031018-171806)
    10.1.36-MariaDB
    Thanks @eva2000! Your comments are both helpful and reassuring.
     
    • Like Like x 1