...
We do not want employees from different companies access or even have awareness of each others web directory. At the same time, the Apache Server running as user www-data belonging to group www-data also needs access to the directories. We also want to grant users of the staff group read access for support purposes.
Creating the Directory Structure and Permissions
| Directory | Permissions | ACL | ACL(default) |
|---|---|---|---|
| /web/ | rwXr-X--X | www-data:rX | www-data:rX |
| /web/php/ | rwXr-X--X | www-data:rX | www-data:rX |
| /web/php/tmp/ | rwXr-X--- | www-data:rwX | www-data:rwX |
| /web/php/logs/ | rwXr-X--- | www-data:rwX | www-data:rwX |
| /web/php/virtualhost/ | rwXr-X--- | www-data:rX client:rwX | www-data:rX client:rwX |
| /virtualhost/www/ | rwXr-X--- | www-data:rX client:rwX | www-data:rX client:rwX |
| /virtualhost/blog/ | rwXr-X--- | www-data:rX client:rwX | www-data:rX client:rwX |
| /virtualhost/blog/wp-content/ | rwXr-X--- | www-data:rwX client:rwX | www-data:rwX client:rwX |
All directories must be owned by serveradmin:staff
The utility setfacl is used to add the groups to the ACL for the respective directories,
...