
...

Code Block (bash)
chmod o-rwx php
#next apply this change to default
getfacl --access ./php/ | sudo setfacl -d -RM - ./php/
#check the permissions
getfacl php
# file: php
# owner: serveradmin
# group: staff
user::rwx
group::r-x
group:www-data:r-x
group:staff:r-x
mask::r-x
other::---
default:user::rwx
default:group::r-x
default:group:www-data:r-x
default:group:staff:r-x
default:mask::r-x
default:other::---

Setting up the Virtual Hosts Structure

...

Code Block (bash)
cd php
mkdir dailyplanet lexcorp tmp logs
#change the php folder permissions back to the way it was
cd ..
chmod o-rw+X php
getfacl --access ./php/ | sudo setfacl -d -RM - ./php/
#check the permissions 
getfacl php
# file: php
# owner: rfongyee
# group: staff
user::rwx
group::r-x
group:www-data:r-x
group:staff:r-x
mask::r-x
other::--x
default:user::rwx
default:group::r-x
default:group:www-data:r-x
default:group:staff:r-x
default:mask::r-x
default:other::--x

Setting Permissions for tmp and logs

Code Block (bash)
cd php
setfacl -Rm g:www-data:rwX tmp
getfacl --access ./tmp/ | sudo setfacl -d -RM - ./tmp/
setfacl -Rm g:www-data:rwX logs
getfacl --access ./logs/ | sudo setfacl -d -RM - ./logs/

Now to add the necessary groups to their respective virtual hosts

...

Now do the same to lexcorp

Code Block (bash)
setfacl -Rm g:wglexcorp:rwX lexcorp
getfacl --access ./lexcorp/ | sudo setfacl -d -RM - ./lexcorp/
cd lexcorp
mkdir www blog

Next move the web folder to the opt directory and make serveradmin:staff own it

Code Block (bash)
cd ~
sudo mv web /opt/
cd /opt/
sudo chown -R serveradmin:staff web

 

Repeat the same steps for lexcorp and change the group accordingly.

Warning

When a group is added to the ACL of a directory, the mask is changed to match the permissions that were set. Must read more about masks.
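
The mask behaviour in the warning above, as an added example that is not part of the original page: by default setfacl -m recalculates mask:: to the union of the owning group and every named entry, so one wider grant can also widen what other group entries effectively get. The helper names and the sample listing are assumptions, constructed to model the tmp directory after the www-data grant.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. SAMPLE_ACL is constructed: it models
# the page's tmp directory after `setfacl -Rm g:www-data:rwX tmp`.
SAMPLE_ACL='# file: tmp
# owner: serveradmin
# group: staff
user::rwx
group::r-x
group:www-data:rwx
group:staff:r-x
mask::rwx
other::---'

# recalc_mask (hypothetical helper): reads getfacl text on stdin and prints the
# union of the owning group and all named user/group entries. setfacl -m writes
# this value into mask:: unless -n (--no-mask) is given.
recalc_mask() {
  awk -F: '
    /^#/ || /^default:/ || NF < 3 { next }
    ($1 == "group") || ($1 == "user" && $2 != "") {
      p = substr($3, 1, 3)
      if (p ~ /r/) r = 1; if (p ~ /w/) w = 1; if (p ~ /x/) x = 1
    }
    END { printf "%s%s%s\n", (r ? "r" : "-"), (w ? "w" : "-"), (x ? "x" : "-") }'
}

# effective_perms ENTRY (hypothetical helper): prints the bits a group-class
# entry such as "group:www-data" really gets, i.e. its granted bits ANDed with
# the mask:: line in the listing on stdin. Not for user:: or other::.
effective_perms() {
  awk -F: -v want="$1" '
    /^#/ || /^default:/ { next }
    $1 == "mask" { mask = substr($3, 1, 3) }
    ($1 ":" $2) == want { perm = substr($3, 1, 3) }
    END {
      if (perm == "") exit 1
      if (mask == "") mask = "rwx"   # minimal ACL: no mask entry to limit the group
      out = ""
      for (i = 1; i <= 3; i++) {
        b = substr(perm, i, 1)
        out = out ((b != "-" && substr(mask, i, 1) == b) ? b : "-")
      }
      print out
    }'
}

printf 'mask after adding www-data rwx: %s\n' "$(printf '%s\n' "$SAMPLE_ACL" | recalc_mask)"
```

Pipe real `getfacl --access DIR` output into either function to compare the mask on disk with what the entries imply.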

 

Testing Restrictions

User Lex Luthor has been given access to his directory "lexcorp" but learns of the "dailyplanet" directory by using his robots to spy on Clark Kent's computer. So Lex terminals in...

...