Reputation: 29
CentOS Webserver: Best practice for creating SSH user that is friendly with Nginx
I have been looking for the past hour and I just can't understand why this isn't more straight forward. I just spun up a VPS. I have LEMP running no problem. Trying to keep with the best practices so instead of using root for my Git deployments, SFTP, etc. I've created "website" as an SSH user.
All of the files are nginx:nginx, however after several modifications to /etc/passwd and /etc/group I'm still unable to successfully ssh in with "website" and mv or modify files. I have no trouble viewing them.
Typing "groups nginx" reveals nginx:nginx. Typing "groups website" reveals website:nginx.
Please, someone tell me what I am doing wrong. I believe the same scenario applies to Apache configurations.
Upvotes: 0
Views: 503
Answers (1)
Reputation: 2058
You need to modify File Access Control. Try these commands by swapping out bob with your specific user and specific path to your web root. That way your newly created user will have to ability to read/write/execute files without the need to modify permissions.
setfacl -R -d -m u:bob:rwx /var/www/mydomain.com
setfacl -R -m u:bob:rwx /var/www/mydomain.com
Here is further reading if you would like to know more.
http://linuxcommand.org/man_pages/setfacl1.html
Let me know if it helped.
Upvotes: 1
Related Questions
- Running Nginx as non root user
- alternative to basic authentication for nginx-unit?
- log into server with created user on linux ubuntu
- Using PAM with nginx in CentOS 7
- Add SSH-Key for nginx user (for github)
- How to securely have many to many users on virtual hosts
- Create SSH keys for Apache user on CentOS
- CentOS: How can I create a secure user account to host a web-site?
- Should I use another user than the root when installing NGiNX
- Linux user scheme for a Django production server