...
Start by creating the web folder in your home directory so you do not have to keep using sudo
Code Block |
---|
|
# Create the web directory. It is created through sudo, so its ownership is
# only what you want after the chown below.
sudo mkdir web
#next set the permissions
# u+rwX   : owner gets read, write and search
# g+r-w+X : group gets read and search, never write
# o-rw+X  : everyone else gets search (traverse) only
# Capital X adds execute only to directories and to files that already carry
# an execute bit, so plain data files are not made executable.
sudo chmod u+rwX,g+r-w+X,o-rw+X web
# Recursively hand ownership to serveradmin, group staff.
sudo chown -R serveradmin:staff web
#now set www-data for the acl
# -R recurses and -m modifies entries: the www-data group gets read plus
# conditional execute (rX) and no write on web.
# NOTE(review): www-data can only reach web if it also has search (x)
# permission on every parent directory, including the home directory - confirm.
sudo setfacl -Rm g:www-data:rX ./web/
# Same read-only entry for the staff group.
sudo setfacl -Rm g:staff:rX ./web/ |
...
Code Block |
---|
|
getfacl web
# file: web
# owner: serveradminrfongyee
# group: staff
user::rwx
group::r-x
group:www-data:r-x
group:staff:r-x
mask::r-x
other::--x |
...
Code Block |
---|
|
getfacl --default web
# file: web
# owner: serveradminrfongyee
# group: staff |
To apply the permissions to defaults use
...
Code Block |
---|
|
getfacl --default ./web/
# file: web
# owner: serveradmin
# group: staff
user::rwx
group::r-x
group:www-data:r-x
group:staff:r-x
mask::rwx
other::---x |
If you want to see what both the applied and the default permissions look like, don't specify --default
Code Block |
---|
|
getfacl ./web/
# file: web
# owner: serveradmin
# group: staff
user::rwx
group::r-x
group:www-data:r-x
group:staff:r-x
mask::rwx
other::---x
default:user::rwx
default:group::r-x
default:group:www-data:r-x
default:group:staff:r-x
default:mask::rwx
default:other::---x |
php Folder
Now go into the web folder and create the php folder
Code Block |
---|
|
cd web
# Created through sudo; the chown that follows sets the intended owner.
sudo mkdir php
sudo chown -R serveradmin:staff php
# The listing below shows that php picked up web's default ACL entries when it
# was created, both as its access ACL and as its own default ACL.
getfacl php
# file: php
# owner: serveradmin
# group: staff
user::rwx
group::r-x
group:www-data:r-x
group:staff:r-x
mask::r-x
other::--x
default:user::rwx
default:group::r-x
default:group:www-data:r-x
default:group:staff:r-x
default:mask::r-x
default:other::--x |
The php folder has inherited the permissions from web. Notice that the next set of folders does not use execute for others, so rather than setting the others permission on each folder, simply change the others permission on php.
Code Block |
---|
|
# Remove every permission for "other" on php: read, write and search.
sudo chmod o-rwx php
#next apply this change to default
# Copy php's access ACL into its default ACL: getfacl --access prints only the
# access entries, and setfacl -d -M - reads entries from stdin and applies
# them as default entries. -R repeats this for everything below php.
# Directories created under php afterwards then start without "other" access.
getfacl --access ./php/ | sudo setfacl -d -RM - ./php/
#check the permissions
getfacl php
# file: php
# owner: serveradmin
# group: staff
user::rwx
group::r-x
group:www-data:r-x
group:staff:r-x
mask::r-x
other::---
default:user::rwx
default:group::r-x
default:group:www-data:r-x
default:group:staff:r-x
default:mask::r-x
default:other::--- |
Setting
...
Next create your folders
Permissions for tmp and logs
Code Block |
---|
|
cd php
# NOTE(review): `sudosetfacl` is not a command, so this line looks garbled.
# Presumably it is `sudo mkdir dailyplanet`, matching the three lines below - confirm.
sudosetfacl mkdir dailyplanet
sudo mkdir lexcorp
sudo mkdir tmp
sudo mkdir logs
#remember serveradmin:staff must own the directory
cd ..
sudo chown -R serveradmin:staff php
# NOTE(review): the next line has lost its command. Presumably it is
# `sudo setfacl -Rm g:www-data:rwX tmp`, parallel to the logs line - confirm.
# After the `cd ..` above the shell is no longer inside php, where tmp and logs
# were created, so these relative paths only resolve when run from within php.
-Rm g:www-data:rwX tmp
# Copy the access ACL of tmp into its default ACL so new files and directories
# created in tmp carry the same entries.
getfacl --access ./tmp/ | sudo setfacl -d -RM - ./tmp/
# Gives the www-data group write access (rwX) to logs. Anything running as
# www-data can then modify or delete these log files, so do not rely on them
# alone as an audit trail for the web application.
# This line has no sudo, so it only succeeds when run as the owner of logs or as root.
setfacl -Rm g:www-data:rwX logs
getfacl --access ./logs/ | sudo setfacl -d -RM - ./logs/ |
Setting up the Virtual Hosts Structure
Next create your folders
Code Block |
---|
|
cd php
# Run without sudo, so the current user needs write permission on php.
# The new directories take their ACLs from php's default ACL.
mkdir dailyplanet lexcorp tmp logs
#change the php folder permissions back to the way it was
# NOTE(review): `sudocd` looks garbled; presumably this is plain `cd ..` - confirm.
# cd is a shell builtin, so `sudo cd` would not move this shell either.
sudocd ..
# Give "other" search-only (--x) on php again, then copy the access ACL into
# the default ACL. The default applies to directories created after this
# point, not to the four created above.
chmod o-rw+X php
getfacl --access ./php/ | sudo setfacl -d -RM - ./php/
#check the permissions
getfacl php
# file: php
# owner: rfongyee
# group: staff
user::rwx
group::r-x
group:www-data:r-x
group:staff:r-x
mask::r-x
other::--x
default:user::rwx
default:group::r-x
default:group:www-data:r-x
default:group:staff:r-x
default:mask::r-x
default:other::--x |
Now to add the necessary groups to their respective virtual hosts
Code Block |
---|
|
cd php
# Give the wgdailyplanet group read/write (rwX) on the dailyplanet tree, then
# copy that access ACL into the default ACL so new content inherits it.
# Only this virtual host's directory gets the group entry.
sudo setfacl -Rm g:wgdailyplanet:rwX dailyplanet
getfacl --access ./dailyplanet/ | sudo setfacl -d -RM - ./dailyplanet/
cd dailyplanet
# NOTE(review): as written, a single mkdir receives `www sudo mkdir blog`, so it
# would also create directories named sudo and mkdir. Presumably this is two
# commands, `sudo mkdir www` and `sudo mkdir blog` - confirm.
sudo mkdir www sudo mkdir blog
cd ..
# NOTE(review): `dailyplanetblog` matches no directory created above;
# presumably the target is `dailyplanet` - confirm.
sudo chown -R serveradmin:staff dailyplanetblog |
Now do the same to lexcorp
Code Block |
---|
|
# Same steps as for dailyplanet, using the wglexcorp group: grant rwX on the
# lexcorp tree, then copy the access ACL into the default ACL.
# The first setfacl has no sudo, so it only succeeds when run as the owner of
# lexcorp or as root.
setfacl -Rm g:wglexcorp:rwX lexcorp
getfacl --access ./lexcorp/ | sudo setfacl -d -RM - ./lexcorp/
cd lexcorp
# Created after the default ACL was set, so www and blog inherit its entries.
mkdir www blog |
Repeat the same steps for lexcorp and change the group accordingly,
...