Limiting commands for certain users to certain directories
I have a slight OCD for security, and I only want them to be able to mess with the files and configuration for their site. However, since their site is being run by the same web server daemon as my site, the files are owned by the same user and group. Is it possible to do this via sudo, or possible run two instances of my server daemon (nginx), each owned by a different user/group? So far, in my searches around the web, I haven't found a way to do this.
3 Replies
@Piki:
Just started running the permissions system in Linux through my head, and something I just thought of: If I change the group on the files for the other site and I leave the user set to my nginx user, would this mess with nginx's ability to correctly serve the site? If not, I can easily add the people for the other project to said group and give their group rwx permissions for their site.
That should work just fine.
The more common way I've see it done is the opposite of that, user owns the files and the web server user has group access. However, it sounds like you have multiple users, so your proposal makes sense.