...
We do not want employees from different companies to access, or even be aware of, each other's web directories. At the same time, the Apache server, running as user www-data in group www-data, also needs access to the directories. We also want to grant users in the staff group read access for support purposes.
Creating the Directory Structure and Permissions
Directory | Permissions | ACL | ACL(default) |
---|---|---|---|
/web/ | rwXr-X--X | www-data:rX | www-data:rX |
/web/php/ | rwXr-X--X | www-data:rX | www-data:rX |
/web/php/tmp/ | rwXr-X--- | www-data:rwX | www-data:rwX |
/web/php/logs/ | rwXr-X--- | www-data:rwX | www-data:rwX |
/web/php/virtualhost/ | rwXr-X--- | www-data:rX client:rwX | www-data:rX client:rwX |
/virtualhost/www/ | rwXr-X--- | www-data:rX client:rwX | www-data:rX client:rwX |
/virtualhost/blog/ | rwXr-X--- | www-data:rX client:rwX | www-data:rX client:rwX |
/virtualhost/blog/wp-content/ | rwXr-X--- | www-data:rwX client:rwX | www-data:rwX client:rwX |
All directories must be owned by serveradmin:staff.
The utility setfacl is used to add the groups to the ACL for the respective directories,
...
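An added example, not from the original article, that turns the table above into the chown, chmod and setfacl commands it implies and prints them for review. It assumes that `virtualhost` and `client` in the table are per-customer placeholders, that the `/virtualhost/...` rows sit under `/web/php/`, and that the ACL entries are group entries; `shop.example` and `acme` are constructed names.

```shell
#!/bin/sh
# Added example: print the commands implied by the table, for review.
# Assumptions: "virtualhost"/"client" are per-customer placeholders, the
# /virtualhost/... rows sit under /web/php/, ACL entries are group entries.

# rows VHOST CLIENT -> "dir mode acl-entries..." lines, one per table row
rows() {
    cat <<EOF
/web u=rwX,g=rX,o=X www-data:rX
/web/php u=rwX,g=rX,o=X www-data:rX
/web/php/tmp u=rwX,g=rX,o= www-data:rwX
/web/php/logs u=rwX,g=rX,o= www-data:rwX
/web/php/$1 u=rwX,g=rX,o= www-data:rX $2:rwX
/web/php/$1/www u=rwX,g=rX,o= www-data:rX $2:rwX
/web/php/$1/blog u=rwX,g=rX,o= www-data:rX $2:rwX
/web/php/$1/blog/wp-content u=rwX,g=rX,o= www-data:rwX $2:rwX
EOF
}

# acl_spec ENTRY... -> access plus default (d:) entry for each group
acl_spec() {
    spec=
    for e in "$@"; do spec="${spec:+$spec,}g:$e,d:g:$e"; done
    printf '%s\n' "$spec"
}

# plan VHOST CLIENT -> commands in the order they must run
plan() {
    for n in "$1" "$2"; do  # names end up in a root shell: allow-list them
        case $n in ''|.*|*[!A-Za-z0-9._-]*) echo "bad name: $n" >&2; return 1;; esac
    done
    rows "$1" "$2" | while read -r dir mode entries; do
        printf 'mkdir -p %s\n' "$dir"
        printf 'chown serveradmin:staff %s\n' "$dir"
        # chmod before setfacl: a later chmod of the group bits would rewrite
        # the ACL mask and cap the named entries granted here.
        printf 'chmod %s %s\n' "$mode" "$dir"
        # $entries is deliberately unquoted: it is a space-separated list
        printf 'setfacl -m %s %s\n' "$(acl_spec $entries)" "$dir"
    done
}

# Usage: sh acl-plan.sh --print shop.example acme   (constructed names)
# Review the output, then pipe it to "sh -e" as root to apply it.
if [ "${1:-}" = "--print" ]; then plan "$2" "$3"; fi
```

Once named entries exist, the group column of `ls -l` shows the ACL mask rather than the owning group's bits, so verify the result with `getfacl`.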