...
Code Block | ||
---|---|---|
| ||
chmod o-rwx php
#next apply this change to default
getfacl --access ./php/ | sudo setfacl -d -RM - ./php/
#check the permissions
getfacl php
# file: php
# owner: serveradmin
# group: staff
user::rwx
group::r-x
group:www-data:r-x
group:staff:r-x
mask::r-x
other::---
default:user::rwx
default:group::r-x
default:group:www-data:r-x
default:group:staff:r-x
default:mask::r-x
default:other::--- |
Setting
...
Setting up the Virtual Hosts Structure
...
Code Block | ||
---|---|---|
| ||
cd php
mkdir dailyplanet lexcorp tmp logs
#change the php folder permissions back to the way it was
cd ..
chmod o-rw+X php
getfacl --access ./php/ | sudo setfacl -d -RM - ./php/
#check the permissions
getfacl php
# file: php
# owner: rfongyee
# group: staff
user::rwx
group::r-x
group:www-data:r-x
group:staff:r-x
mask::r-x
other::--x
default:user::rwx
default:group::r-x
default:group:www-data:r-x
default:group:staff:r-x
default:mask::r-x
default:other::--x |
Setting Permissions for tmp and logs
Code Block | ||
---|---|---|
| ||
cd php
setfacl -Rm g:www-data:rwX tmp
getfacl --access ./tmp/ | sudo setfacl -d -RM - ./tmp/
setfacl -Rm g:www-data:rwX logs
getfacl --access ./logs/ | sudo setfacl -d -RM - ./logs/ |
Now to add the necessary groups to their respective virtual hosts
...
Now do the same to lexcorp
Code Block | ||
---|---|---|
| ||
setfacl -Rm g:wglexcorp:rwX lexcorp
getfacl --access ./lexcorp/ | sudo setfacl -d -RM - ./lexcorp/
cd lexcorp
mkdir www blog |
Next move the web folder to the opt directory and make serveradmin:staff own it
Code Block | ||
---|---|---|
| ||
cd ~
sudo mv web /opt/
cd /opt/
sudo chown -R serveradmin:staff web |
Repeat the same steps for lexcorp and change the group accordingly.
Warning |
---|
When a group is added to the ACL of a directory, the mask is changed to the permissions that were set. Must read more about masks. |
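The mask behaviour noted in the warning above, as an added example that is not part of the original page: a text-only model of how `setfacl -m` recalculates the mask and how the mask limits each entry. The function names and the sample ACL are constructed for illustration; the script only parses getfacl-style text and never touches the filesystem.

```shell
#!/bin/sh
# Constructed sample: the access ACL of php/ as listed on this page (no default: lines).
SAMPLE_ACL='user::rwx
group::r-x
group:www-data:r-x
group:staff:r-x
mask::r-x
other::---'

# recalc_mask: union of the owning group and every named user/group entry on stdin.
# setfacl -m stores this as the mask unless -n or an explicit m:: entry is given.
recalc_mask() {
  awk -F: '
    $1 == "group" || ($1 == "user" && $2 != "") {
      p = substr($3, 1, 3)
      if (p ~ /r/) r = 1; if (p ~ /w/) w = 1; if (p ~ /x/) x = 1
    }
    END { printf "%s%s%s\n", (r ? "r" : "-"), (w ? "w" : "-"), (x ? "x" : "-") }'
}

# effective_perms ENTRY: what ENTRY (e.g. group:staff) can actually do once the
# mask is applied. The owner (user:) and other: are never limited by the mask.
effective_perms() {
  awk -F: -v want="$1" '
    $1 == "mask" { mask = substr($3, 1, 3) }
    ($1 ":" $2) == want { perm = substr($3, 1, 3); found = 1 }
    END {
      if (!found) exit 1
      masked = (mask != "" && want != "user:" && want != "other:")
      out = ""
      for (i = 1; i <= 3; i++) {
        c = substr(perm, i, 1)
        out = out ((masked && substr(mask, i, 1) != c) ? "-" : c)
      }
      print out
    }'
}

# add_group_entry NAME PERMS: text-only model of `setfacl -m g:NAME:PERMS` on a
# directory (so X is written as x). Replaces NAME's entry and rewrites the mask.
add_group_entry() {
  acl=$(awk -F: -v n="$1" -v p="$2" '
    $1 == "mask" || ($1 == "group" && $2 == n) { next }
    $1 == "other" { print "group:" n ":" p }
    { print }')
  mask=$(printf '%s\n' "$acl" | recalc_mask)
  printf '%s\n' "$acl" | awk -v m="$mask" '/^other:/ { print "mask::" m } { print }'
}
```

Piping `printf '%s\n' "$SAMPLE_ACL" | add_group_entry www-data rwx` through `effective_perms group:staff` shows that widening the mask to `rwx` leaves the `staff` entry at `r-x`, because the mask only caps entries and never grants beyond them.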
Testing Restrictions
User Lex Luthor has been given access to his directory "lexcorp" but learns of the "dailyplanet" directory by using his robots to spy on Clark Kent's computer. So Lex terminals in...
...