Graham Hunter's picture

I've just installed the LAMP appliance (and S3 backup), and have been really impressed.

It would be very helpful for developers like me (who aren't strong sysadmins) to know which group(s) we need to add users to after completing the install.  Of course, I don't want to give the root password out to anyone, but at the same time

Is it really as simple as adding users to the www-data group?  Does that grant the user access beyond just the htdocs directory?  Having a quickstart guide that covers this would be great!

Jeremy Davis's picture

They will have system wide read access but AFAIK they shouldn't have write access to anywhere but the default web root (/var/www). But be warned, I'm not an expert on these things and if you want to be on the safe side perhaps wait for a response from someone more knowledgeable than me :)

If you want to stop users from even having read access outside of /var/www then perhaps you could set it up as a SSH chroot jail? If tthat takes your fancy have a read from here on. TBH I'm not sure whether it would work in your usage scenario but it could be an interesting exercise. Another option may be consider installing vsftpd and using FTPS (rather than SFTP) and again chroot users.

Add new comment