Home » Php » php – How to securely have many to many users on virtual hosts

php – How to securely have many to many users on virtual hosts

Posted by: admin July 12, 2020 Leave a comment

Questions:

I currently setup a single user on my virtual host like this:

sudo useradd -d /website/ -m user -s /usr/bin/rssh

sudo chown root:root /website/ -R #Don't get why I need this part but doesn't work without! 
sudo chmod 755 /website/
sudo chown -R user:www-data /website/public_html
sudo chmod 755 /website/public_html

This works for user to add and edit folders and files within /website/public_html.

I now want to be able to add other users with the ability to add and edit folders and files within /website/public_html. The issue with this, is that if I get into using groups and add users to the group www-data and change the chmod to 775 the users will then be able to edit other virtual hosts websites for example /website2/public_html.

All users (as you can see above) can only access the server through sftp (-s /usr/bin/rssh). Users are also locked to their home directories with the help of settings from sshd_config†. As of that I suppose I could add all the users to the same group (www-data) and chmod 775 the directory or is that not safe ?

For example here someone mentions that giving the virtual hosts 775 permissions may allow for users to insert php scripts that could delete everything. But without it being 775 this also does not allow for php to create files.

†:

Match user user
        ChrootDirectory /website/
        ForceCommand internal-sftp
        AllowTcpForwarding no
        GatewayPorts no
        X11Forwarding no
How to&Answers:

You can create a new group for each virtual host and add www-data and other granted users to this. Then set that group as the owner of your files (chown). With specifying an appropriate permission (like 775) you will be there.