Learn about Centmin Mod LEMP Stack today
Register Now

limited user / git deployment #64

Discussion in 'Install & Upgrades or Pre-Install Questions' started by tuwi, Dec 18, 2016.

  1. tuwi

    tuwi New Member

    10
    2
    3
    Dec 17, 2016
    Ratings:
    +3
    Local Time:
    8:04 PM
    Hi,
    i started recently to use centminmod and I really love it.
    On most cases its the perfect solution but I'm facing this situation where I should give access to 2 devs to git pull / composer update and other basic ops on the staging server (and also quickfixes maybe on the live ).

    Whats the best practice for this on centminmod ? Do i just create the two un-priviledged users and put them in the nginx group (as primary) or there is some "best practice"

    I would normally just use jenkins but i cant do that in this situation so any idea is appreciated
    Any ideas ? (also opened issue on github here limited user / git deployment · Issue #64 · centminmod/centminmod · GitHub and got redirected here )
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,165
    6,784
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,135
    Local Time:
    4:04 AM
    Nginx 1.13.x
    MariaDB 5.5
    can you elaborate on specifically how those 2 devs will access and use git and composer ?
     
  3. tuwi

    tuwi New Member

    10
    2
    3
    Dec 17, 2016
    Ratings:
    +3
    Local Time:
    8:04 PM
    They would do a gitpull / rsync / composer update and in worst case scenario they can edit a file in prod for any disastrous quick fix (they do have their own stage server where they test but unpredictable things can happen #murphys'slaw ).
    My idea was to create a fpm pool with a username (ie app1) and a specific socket and give them access to that user via cert.
    I'm always open to suggestion on whats the best practice in this case without using jenkins..

    Thanks
     
  4. eva2000

    eva2000 Administrator Staff Member

    30,165
    6,784
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,135
    Local Time:
    4:04 AM
    Nginx 1.13.x
    MariaDB 5.5
    FAQ item 2 - unfortunately Centmin Mod wasn't made for shared hosting in mind it was for yourself or folks you trust. Once you put a system linux user into nginx group, they essentially will have same privileges to nginx somewhat. The way Centmin Mod is structured now there's no jailed/chroot restrictions so whatever user you give access to, you need to trust them.