
Proper privileges on vhost folder

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by GASTAN, Feb 3, 2020.

  1. GASTAN

    GASTAN Member

    Hi

    I want to use two (ssh) users to manage files in site.
    What is the recommended way to set privileges, so that they can both (I have them in the same group) access /home/nginx/domains/mydomain.com/public/ to upload/modify files?
    Right now, they cannot even cd to /home/nginx (which I don't need them to, but I want them to enter the vhost dir).

    thx
     
  2. eva2000

    eva2000 Administrator Staff Member

    As per Centmin Mod official FAQ item 2 (https://centminmod.com/faq.html), Centmin Mod isn't made for shared hosting of isolated/jailed/chrooted users. So any user/group other than nginx will not have access to directories and files owned by Nginx/PHP-FPM users. You can create pure-ftpd virtual FTP users as outlined at "How to re-create Pure-FTPD user for Vhost?". However, they would have files/directories owned by nginx user/group too, but isolated to the Nginx vhost you specify. Still, it isn't jailed/chrooted, so if someone uploads a PHP file it can technically still access other Nginx site vhosts, as they're all owned by nginx user/group.

    Jailed/chrooted user accounts/sites are on the long-term to-do list though - preview of what it may look like: https://community.centminmod.com/threads/jailed-chrooted-sftp-ssh-user-nginx-vhost-menu.8/
     
  3. eva2000

    eva2000 Administrator Staff Member

    Oh, re-read that, you want SSH access, not FTP? In that case that wouldn't work, as SSH non-root users would have access to only /home/theirusername by default and not access /home/nginx unless you give them access to the entire /home/nginx, due to the reasons outlined above in the previous post.
     
  4. GASTAN

    GASTAN Member

    OK then, I guess I just have to open /home/nginx/ to those two guys.
    I saw some 's' character there in the privileges, thought there was some fancy way.
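
Added example, not part of the thread and not Centmin Mod code: a Python sketch of the check behind "they cannot even cd to /home/nginx", listing which directory on the way to a vhost's public folder lacks the execute (traverse) bit for a given user. The directory modes and the uid/gid values are constructed for the demo and are not Centmin Mod defaults; ACLs and root's override are ignored.

```python
import os
import stat
import tempfile

def traverse_blockers(path, uid, gids, start="/"):
    """Return (directory, mode) pairs between `start` and `path` that the
    given uid/gids cannot enter. Classic mode bits only (assumption):
    POSIX ACLs and root's override are not modelled."""
    start, path = os.path.abspath(start), os.path.abspath(path)
    rel = os.path.relpath(path, start)
    blockers, cur = [], start
    for part in [""] + [p for p in rel.split(os.sep) if p != "."]:
        cur = os.path.join(cur, part) if part else cur
        st = os.stat(cur)
        if not stat.S_ISDIR(st.st_mode):
            continue
        # The kernel applies exactly one class: owner, else group, else other.
        if uid == st.st_uid:
            need = stat.S_IXUSR
        elif st.st_gid in gids:
            need = stat.S_IXGRP
        else:
            need = stat.S_IXOTH
        if not st.st_mode & need:
            blockers.append((os.path.relpath(cur, start),
                             stat.filemode(st.st_mode)))
    return blockers

def demo():
    """Build a constructed tree and test two hypothetical SSH users."""
    with tempfile.TemporaryDirectory() as root:
        public = os.path.join(root, "home", "nginx", "domains",
                              "mydomain.com", "public")
        os.makedirs(public)
        for dirpath, _dirs, _files in os.walk(root):
            os.chmod(dirpath, 0o755)                       # sample mode
        os.chmod(os.path.join(root, "home", "nginx"), 0o750)  # sample mode
        owner = os.stat(public)
        ssh_uid = owner.st_uid + 1000                      # hypothetical user
        # User whose only group is unrelated to the tree's group.
        outside = traverse_blockers(public, ssh_uid,
                                    {owner.st_gid + 1000}, root)
        # Same user after being added to the group that owns the tree.
        inside = traverse_blockers(public, ssh_uid, {owner.st_gid}, root)
        return outside, inside

if __name__ == "__main__":
    print(demo())
```

On a real server, point `traverse_blockers` at the actual public folder with the numeric uid and group ids reported by `id username` to see which directory stops the user.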