
SFTP - copy/create will inherit ACLs, but move from outside needs to be tested.


ACLs and Groups

The most scalable way to use ACLs is to apply groups. A tutorial approach will be used to illustrate the commands.

The scenario: we want to provide website hosting for two different clients, whom we will start by categorizing into two different groups: The Daily Planet and LexCorp. Employees from the respective companies will be kept in the system under the following groups: wgdailyplanet and wglexcorp.

| User | Group | Web Root Directory | File Access | Directory Access |
|---|---|---|---|---|
| Clark Kent | wgdailyplanet | /opt/web/php/dailyplanet/ | Read, Write and Execute | Read, Write and Execute |
| Lex Luthor | wglexcorp | /opt/web/php/lexcorp/ | Read, Write and Execute | Read, Write and Execute |
| Apache Server | www-data | /opt/web/php/dailyplanet/ and /opt/web/php/lexcorp/ | Read | Read and Execute (required to traverse directories) |
| Staff Users | staff | /opt/web/php/dailyplanet/ and /opt/web/php/lexcorp/ | Read | Read and Execute (required to traverse directories) |
| Other | | | No Access | No Access |

We do not want employees from different companies to access, or even be aware of, each other's web directory. At the same time, the Apache Server, running as user www-data in group www-data, also needs access to the directories. We also want to grant users of the staff group read access for support purposes. Finally, we want all subsequent directories and files under the respective Web Root Directories to inherit the same permissions. This is just not possible using standard Unix groups.
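
A check for the requirements above, as an added example that is not part of the original page: it reads `getfacl` output for a web root and reports entries that are missing or that grant access beyond the table. The sample output and the names `sample_getfacl` and `audit_acl` are constructed for illustration, and granting the client group through a named ACL entry is an assumption.

```sh
#!/bin/sh
# Constructed sample: what `getfacl -p /opt/web/php/dailyplanet` could print after
# `setfacl -m` and `setfacl -d -m` set the table's entries (owner root is assumed).
sample_getfacl() {
cat <<'EOF'
# file: /opt/web/php/dailyplanet
# owner: root
# group: root
user::rwx
group::r-x
group:wgdailyplanet:rwx
group:www-data:r-x
group:staff:r-x
mask::rwx
other::---
default:user::rwx
default:group::r-x
default:group:wgdailyplanet:rwx
default:group:www-data:r-x
default:group:staff:r-x
default:mask::rwx
default:other::---
EOF
}

# audit_acl CLIENT_GROUP: read getfacl output on stdin, print every deviation
# from the table, and return 1 if there is any.
audit_acl() {
  a_client=$1; a_rc=0
  # Keep ACL entries only: drop "# file:" headers, "#effective:" notes and blanks.
  a_acl=$(sed -e '/^#/d' -e 's/[[:space:]]*#.*$//' -e '/^$/d')
  for a_scope in "" "default:"; do   # access ACL, then the inherited default ACL
    for a_want in "group:$a_client:rwx" group:www-data:r-x group:staff:r-x other::---; do
      if ! printf '%s\n' "$a_acl" | grep -qxF -e "$a_scope$a_want"; then
        echo "MISSING $a_scope$a_want"; a_rc=1
      fi
    done
  done
  # Named entries for anyone else (e.g. the other client's group) widen access.
  a_extra=$(printf '%s\n' "$a_acl" | grep -Ev \
    "^(default:)?((user|group|mask|other)::|group:($a_client|www-data|staff):)" || true)
  if [ -n "$a_extra" ]; then
    printf '%s\n' "$a_extra" | sed 's/^/UNEXPECTED /'; a_rc=1
  fi
  return "$a_rc"
}

sample_getfacl | audit_acl wgdailyplanet && echo "OK: ACL matches the table"
```

On a live host, pipe `getfacl -p /opt/web/php/dailyplanet` into `audit_acl wgdailyplanet` instead of the sample.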

Creating Users and Groups

First create the groups following the standards of the Bonsai Framework:

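```bash
# Create one group per client with a fixed GID
sudo groupadd --gid 3100 wgdailyplanet
sudo groupadd --gid 3101 wglexcorp
# Create each employee with a home directory (-m), the company group as primary group (-g) and a fixed UID (-u)
sudo useradd -d /opt/web/php/ckent -m -g wgdailyplanet -u 4001 -c "Clark Kent" -s /bin/bash ckent
sudo useradd -d /opt/web/php/lluthor -m -g wglexcorp -u 4006 -c "Lex Luthor" -s /bin/bash lluthor
```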

Creating the Directory Structure and Permissions

...