I have written a script that installs a LAMP environment and a few other helpful programs. All of this has been installed under root.
I would now like to create a new user called webmaster that will only be responsible for rendering my website located under: /home/webmaster/htdocs. As such I have created a new user called "webmaster".
When I run an "ls" on the htdocs folder I get the following output:
-rw-rw-r-- 1 webmaster www-data 1843 Aug 26 21:12 composer.json
drwxrwsr-x 3 webmaster www-data 4096 Aug 26 21:12 src
Should the group really be owned by www-data or should I change the group to www-data and then simply add the Apache user, www-data, to the "webmaster" group? What is the best method with regards to security?
I would seriously suggest taking a look at a configuration management system for automating and maintaining installations and deployments. Such tools are well tested and are well equipped to handle errors, generate reports and several other tasks in a robust way.
I'd question if there's really a need to have a separate webmaster user? All *NIX systems already have a user that runs the web server and owns the files to be published (www-data in your case). This really boils down to:
If the former, I'd insist there is no real use for such a user. If the latter, take a look at this question, which explains in detail how to manage such an environment. Other solutions are also valid.
With regards to how to secure a LAMP server, read this Canonical Question; it addresses that topic in depth.
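The listing in the question shows files with the group-write bit set and a setgid directory, all in group www-data. As an added example (not part of the original question or answer), these shell functions report which paths under a document root a given group can modify and which directories are setgid; the function names and `make_sample` are hypothetical, and the sample tree is constructed to mirror the modes in the listing.

```shell
#!/bin/sh
# Added example: audit what the web server's group can change in a docroot.

# group_writable DOCROOT GROUP
# Prints every path under DOCROOT that belongs to GROUP and has the
# group-write bit set, i.e. content any process running in GROUP can modify.
group_writable() {
    find "$1" -group "$2" -perm -020 -print | sort
}

# setgid_dirs DOCROOT
# Prints directories carrying the setgid bit (the "s" in drwxrwsr-x):
# files created inside them inherit the directory's group.
setgid_dirs() {
    find "$1" -type d -perm -2000 -print | sort
}

# count_group_writable DOCROOT GROUP
# Prints the number of paths reported by group_writable.
count_group_writable() {
    group_writable "$1" "$2" | wc -l | tr -d ' '
}

# make_sample DIR
# Builds a constructed tree with the same modes as the listing in the
# question, plus one constructed file the group can only read.
make_sample() {
    mkdir -p "$1/src"
    : > "$1/composer.json"
    : > "$1/src/index.php"
    chmod 2775 "$1/src"            # drwxrwsr-x
    chmod 664 "$1/composer.json"   # -rw-rw-r--
    chmod 644 "$1/src/index.php"   # -rw-r--r-- (constructed)
}

# Usage: sh audit.sh /home/webmaster/htdocs www-data
if [ "$#" -eq 2 ]; then
    echo "Writable by group $2:"
    group_writable "$1" "$2"
    echo "Setgid directories:"
    setgid_dirs "$1"
fi
```

An empty first list means the group (and therefore the web server process, if it runs in that group) has read-only access to the tree.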