Server: debian4 / apache2 / php5
I have a VPS and I usually only run websites that I administer, so I have loaded everything up under one username.
Now I have an external developer doing some work, and would like to give them access to one of my websites, but not the rest of them.
I also thought it would be a good idea to run all the websites as separate users, so if they get hacked or something, they can't wreck the other sites on the server.
Apache is running as www-data
I have run
chown -R myusername:www-data httpdocs
chmod -R 0750 httpdocs
so now it looks like
drwxr-x--- myusername www-data httpdocs
Is that the right way to go about securing this?
Thanks
alex
Personally I'd use a subversion/git/mercurial (whatever floats your boat) source code repository and check out the source regularly through a cronjob after some sanity checks are done (automated tests to make sure the site still works).
If you want/need direct write access for a couple of people you have 2 options. I'd say it depends on whether your backup solution is capable of ACLs.
If so use ACLs to get the desired results. Your friends in this case are setfacl and getfacl.
If you can't do ACLs you should use a group that can write to that directory and make it sticky so that you won't run into a situation where userA writes a new file to the document root which userB can't modify.
Yes, those permissions will work fine for what you are trying to achieve.
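The owner/group layout from the question (site user as owner, www-data as group, nothing for others), as an added example that is not part of the original thread: it applies the layout and then audits the tree for anything looser. The function names are hypothetical, and it gives regular files 0640 instead of the question's 0750 on the assumption that no CGI scripts need the execute bit.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical;
# "myusername" and "www-data" are the names used in the question.

# harden_docroot DIR [OWNER:GROUP]
# Directories get 0750 and regular files 0640, so the group (Apache) can read
# and traverse but not write, and "other" gets nothing.
# The optional chown normally needs root, e.g.:
#   harden_docroot httpdocs myusername:www-data
harden_docroot() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    if [ -n "${2:-}" ]; then
        chown -R "$2" "$dir" || return 1
    fi
    find "$dir" -type d -exec chmod 0750 {} + &&
    find "$dir" -type f -exec chmod 0640 {} +
}

# audit_docroot DIR
# Prints every entry that "other" can read, write or execute, or that the
# group (the web server) can write. Symlinks are skipped because their own
# mode bits are not used for access checks.
# Returns 0 when the tree is clean, 1 when something was printed.
audit_docroot() {
    found=$(find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \
            -o -perm -020 \) -print)
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}
```

Because every site's group is www-data, PHP code that Apache runs for one site can still read the other sites' files under this layout. What it prevents is the web server writing to the tree and other shell users reading it.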