Hi all,
I'm reviewing how I set up websites (mostly Wordpress at the moment),
and would like other opinions on what I'm planning is sane.
My plan is to have a user eg "mysite" that owns all/most of the
standard files and directories.
The webserver (actually php-fpm) would run as "mysite-run".
Group ownership of the files would then be mysite-run, but
group-write permission would not be granted except where required, eg
the 'uploads' and 'cache' directories.
Files in those directories, created by the php-fpm process, would
obviously be owned by mysite-run.
Alternatively the group ownership of most of the directories could
remain with mysite, and but the uploads and cache directories
group-owned (and group-writeable) by mysite-run.
The objective of course is that site code can't write to anything it
shouldn't. I know that means that I'll have to install upgrades,
plugins etc with the wp cli tool.
I earlier had thoughts of improving this with ACLs, but a) this got
really complicated and b) it didn't seem to solve some of the
problems I was trying to solve.
I wanted to be able to allow other users (those who might need to
update sites) to be able to log in as themselves and make changes,
but IIRC nothing (other than sudo or setuid tools) will allow them to
set the ownership back to 'mysite', which is what I want it to be.
I'm aware of bindfs, which allows fuse mounting of filesystems with
permission translation, but as far as I can tell, it doesn't allow
mapping of userids. Tools could help, but I'd rather some of these
users had SFTP access only, which would prevent them being used.
Any thoughts?
Am I mostly on the right track?
Thanks,
Richard