New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
How do you manage users on a linux box?
I now run most of my processes under root, but would like to move away from it and have a seperate user with only necessary privileges to run the web application.
How should I go about doing this.. any approach that you all follow. (create one user, multiple users for each application). How do you manage the www-data user that apache comes with etc. Any best practices would be helpful too.
Thanks.
Comments
Assign a separate PHP-FPM pool, running as a separate user, to each website. These users get write access where they need.
Allow Apache/nginx (www-data) to read everything but write nothing. All actual scripting should be delegated to an appropriate PHP-FPM pool.
Root is required for most boot level processes. Changing that would only lead to boot fails. Most apps that you install, that need specific user and group ids, will take care of the permissions automagically. No need to monkey with them. And www-data ownership only applies to web accessible folders and processes.
As far as adding users to the system, 1 user with sudo permissions is sufficient to update the system, edit config files, etc. If you're running a mail server, I suggest virtualmin or similar that will add users to the email system only.
One word: Puppet.
For each virtualhost/website I create a new user and group and then create a new php-fpm pool for the virtualhost.