Hey guys, what's the best way to set up apache24 for multiple users?
My goal:
Enable WebDav with 3 groups:
- Private (Only domain owner access)
- Group (Domain owner set a group for share documents between other people)
- Public (Global access by WebDav - like public ftp)
Enable SSH access for site owners (using chroot so webmasters can install private dependencies)
Since my control panel on Linux does this automatically, I am now trying to learn how to do it manually on FreeBSD, so I am lost at the start with novice questions: how do I set up the correct permissions on the directory structure?
Using
adduser -D
and setting the home directory to /usr/local/www/clients/client1, what should I use for the shell: /bin/sh
or
/usr/sbin/nologin
The goal is to let webmasters log in and install the desired stuff in their chroot environment by ssh. For example, instead of enabling all perl and php modules, I will enable the basics with hardened values to get WordPress working; then if the client needs some custom module enabled, like mail/horde-webmail for example, he would log in using ssh and install it for his environment only.
Or is this not possible and I need to install everything?
Client Structure:
mkdir -p /usr/local/www/clients
Domain sites structure:
mkdir -p /usr/local/www/clients/client1/web1/log
mkdir -p /usr/local/www/clients/client1/web1/private
mkdir -p /usr/local/www/clients/client1/web1/ssl
mkdir -p /usr/local/www/clients/client1/web1/tmp
mkdir -p /usr/local/www/clients/client1/web1/web
mkdir -p /usr/local/www/clients/client1/web1/webdav/private
mkdir -p /usr/local/www/clients/client1/web1/webdav/group
mkdir -p /usr/local/www/clients/client1/web1/webdav/public
mkdir -p /usr/local/www/clients/client1/web2/log
mkdir -p /usr/local/www/clients/client1/web2/private
mkdir -p /usr/local/www/clients/client1/web2/ssl
mkdir -p /usr/local/www/clients/client1/web2/tmp
mkdir -p /usr/local/www/clients/client1/web2/web
mkdir -p /usr/local/www/clients/client1/web2/webdav/private
mkdir -p /usr/local/www/clients/client1/web2/webdav/group
mkdir -p /usr/local/www/clients/client1/web2/webdav/public
Notes:
client1 = For the first client on database
web1 = First domain of the client
web2 = Second domain of the client
log = For setting up local logs of the client
private = For storing non-shareable stuff like private keys, etc.
ssl = Public keys
tmp = For setting up local tmp files
web = Stores website files
webdav = For WebDAV access
Setting permissions:
chown web1:client1 /usr/local/www/clients/client1/web1/log
chown web1:client1 /usr/local/www/clients/client1/web1/private
chown web1:client1 /usr/local/www/clients/client1/web1/ssl
chown web1:client1 /usr/local/www/clients/client1/web1/tmp
chown web1:client1 /usr/local/www/clients/client1/web1/web
chown web1:client1 /usr/local/www/clients/client1/web1/webdav/private
chown web1:client1 /usr/local/www/clients/client1/web1/webdav/group
chown web1:client1 /usr/local/www/clients/client1/web1/webdav/public
chown web2:client1 /usr/local/www/clients/client1/web2/log
chown web2:client1 /usr/local/www/clients/client1/web2/private
chown web2:client1 /usr/local/www/clients/client1/web2/ssl
chown web2:client1 /usr/local/www/clients/client1/web2/tmp
chown web2:client1 /usr/local/www/clients/client1/web2/web
chown web2:client1 /usr/local/www/clients/client1/web2/webdav/private
chown web2:client1 /usr/local/www/clients/client1/web2/webdav/group
chown web2:client1 /usr/local/www/clients/client1/web2/webdav/public
chmod 0660 /usr/local/www/clients/client1/web1/log
chmod 0600 /usr/local/www/clients/client1/web1/private
chmod 0664 /usr/local/www/clients/client1/web1/ssl
chmod 0770 /usr/local/www/clients/client1/web1/tmp
chmod 0750 /usr/local/www/clients/client1/web1/web
chmod 0700 /usr/local/www/clients/client1/web1/webdav/private
chmod 0660 /usr/local/www/clients/client1/web1/webdav/group
chmod 0664 /usr/local/www/clients/client1/web1/webdav/public
chmod 0660 /usr/local/www/clients/client1/web2/log
chmod 0600 /usr/local/www/clients/client1/web2/private
chmod 0664 /usr/local/www/clients/client1/web2/ssl
chmod 0770 /usr/local/www/clients/client1/web2/tmp
chmod 0750 /usr/local/www/clients/client1/web2/web
chmod 0700 /usr/local/www/clients/client1/web2/webdav/private
chmod 0660 /usr/local/www/clients/client1/web2/webdav/group
chmod 0664 /usr/local/www/clients/client1/web2/webdav/public
On Linux the Apache files are in /var/www; on FreeBSD, if I understood right, they are in /usr/local/www. Is there any difference from a security point of view?
Should I make a dedicated dataset for /usr/local/www?
My current control panel uses suExec; after reading about it I have chosen not to use it. From the options I have read about, I will need to use suPHP. Is this the most secure option available?
Sorry for the noob questions. After getting the directory structure adapted for FreeBSD, I will start testing how to set things up and later try to convert the panel for FreeBSD if possible.
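
An added check, not part of the original post: on a directory, read or write permission without the search (x) bit leaves that class unable to enter it, and several of the modes posted above have that shape. The script audits the posted per-site modes and prints the mode that keeps the same read/write intent with search added; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Per-site directory modes exactly as posted above (path relative to webN/).
POSTED_MODES='log 0660
private 0600
ssl 0664
tmp 0770
web 0750
webdav/private 0700
webdav/group 0660
webdav/public 0664'

# Print the classes that hold r or w on a directory but lack x (search).
# Without x a class cannot enter the directory or open anything inside it.
check_dir_mode() {
    m=$((0${1#0}))                      # force octal interpretation
    out=""
    for spec in owner:6 group:3 other:0; do
        class=${spec%%:*}
        bits=$(( ($m >> ${spec##*:}) & 7 ))
        if [ $((bits & 6)) -ne 0 ] && [ $((bits & 1)) -eq 0 ]; then
            out="$out${out:+,}$class"
        fi
    done
    printf '%s\n' "$out"
}

# Print the mode with x added only for classes that already have r or w.
fix_dir_mode() {
    m=$((0${1#0}))
    for s in 6 3 0; do
        if [ $(( ($m >> $s) & 6 )) -ne 0 ]; then
            m=$(( $m | (1 << $s) ))
        fi
    done
    printf '%04o\n' "$m"
}

# Report every posted directory whose mode needs the search bit.
audit_posted_modes() {
    while read -r dir mode; do
        bad=$(check_dir_mode "$mode")
        if [ -n "$bad" ]; then
            printf '%s %s needs x for %s -> %s\n' "$dir" "$mode" "$bad" "$(fix_dir_mode "$mode")"
        fi
    done <<EOF
$POSTED_MODES
EOF
}

audit_posted_modes
```

The suggested mode only restores traversal for classes that already had access; whether "other" should have any access to ssl or webdav/public is a separate decision.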