I'm developing a server application for ubuntu server, clients will connect to in through socket connection. It's in beta stage and under heavy development. At the moment lots of people are using it and it is updated almost every day. So I seed to seriously consider security issues and in the same time don't restrict myself too much. Now I have two questions:
Where is the appropriate place to store its files? Application consists of executable, some config files and startup script. But I don't want to spread it accross the filesystem just store in single folder for convenience since app is under heavy development. My guess would be to create new dir under
/var. Right now I store it in my home folder.Do I need to create separate user for it? I start it up using init.d script via
sudo -u me. I want to restrict its access to system for security purposes but in the same time I want to be able to update it through FTP and not run into access issues (user that uploads it is different from user that runs it, and it sometimes need write access to some files). How to do that?
UPDATE: I forgot to mention that this application isn't redistributable. It is a web service that will exist in single instance at our server.
These are really mater of preference so I will answer as such.
I'd suggest using /opt/appname to keep your files. Some of the projects I've worked win in the past drop everything in there and then eventually separate it out to subfolders from there. You can symlink your init script back to this directory as well.
If you are using a dedicated user to run the application your installer should generally create the user ID to be used.. That is however a matter of preference on my part. I've seen a lot of projects go either way.
I strongly believe that you should follow the FHS especially while it is heavy development, you should develop your application to follow the standards so it can be used in production. Configuration belongs in /etc, binaries usually under /usr/bin, per-user data in /home, shared data in /var or /srv. If you want everything to appear to be in a single folder, then use symlinks to make everything appear to be in a single location. Start developing it correctly at the start, and you won't run into any weird gotcha's in the future when you realize that you made some poor decision that would require you a lot of effort to make it right.
In the best world, your application could be easily reconfigured and no paths were baked in. Make it easy to move configuration, data, to anywhere that is appropriate.
It completely depends on the application, but you should avoid having services running as root whenever possible. You should also avoid running it as your personal account.
If it's your application you could store it under /opt since it's a third party application. You can find more information on directory structure at http://slashmedia.wordpress.com/2007/12/23/linux-directory-structure/