freakysid
06-06-2001, 01:21 AM
As is obvious from this post, I have 0.002 cents worth of knowledge about setting up and running a dedicated linux web server environment. Well, thats what I am learning to do at the moment with an intel box I have set up with Linux RedHat here at home. Now, some of the software I have already installed and others I am still installing configuring (installing Berkeley DB right this minute for example). Here is a list of what I am installing that I need for my web application I am developing:
Bind8 *
Sendmail ^
Apache (with mod_php, mod_ssl, OpenSSL)
Webmin
MySQL
Berkely DB
* Already installed with default RedHat installation.
^ Installed but have to reinstall because default install did not include config programs/utilities.
Here are my questions:
1) Now I've got Apache installed into a directory owner: nobody, group: nobody and it is configured to run as nobody (default settings). Is this generally the right way to go?
2) Some of the software I've listed above was installed while I was root. I'm thinking that this may not be a good idea, because I have to log in as root to alter any of their configs etc. Which user account should I use? I'm thinking that maybe I should create a user account "webmaster" or similar who for the purpose of configuring these services. Or should every service have its own user account (mysql, sendmail, etc) and when I want to play with their settings I just su between different users????
3) There will be a couple of people who will need to have access to the root directory of the default Apache server. There will only be a couple of virtual servers for things like Webmin. At the moment I've set up a document root for the default server "www" in the path /usr/local/apache/htdocs/www I then have a symbolic link to that directory in the home directories of the couple of users who are allowed to access the document root via FTP. Is this OK? Or is there a better/more secure way to do all this?
As you can see I am struggling with groking the basics of users/permissions and the like. Once I have my web application all running I intend to wipe the hard disk and rebuild the server from scratch again as practice before we deploy the system for live beta testing. So I will have one more go at doing everything right here on my development box :)
Thanks for any tips or nudges in the right direction :)
Bind8 *
Sendmail ^
Apache (with mod_php, mod_ssl, OpenSSL)
Webmin
MySQL
Berkely DB
* Already installed with default RedHat installation.
^ Installed but have to reinstall because default install did not include config programs/utilities.
Here are my questions:
1) Now I've got Apache installed into a directory owner: nobody, group: nobody and it is configured to run as nobody (default settings). Is this generally the right way to go?
2) Some of the software I've listed above was installed while I was root. I'm thinking that this may not be a good idea, because I have to log in as root to alter any of their configs etc. Which user account should I use? I'm thinking that maybe I should create a user account "webmaster" or similar who for the purpose of configuring these services. Or should every service have its own user account (mysql, sendmail, etc) and when I want to play with their settings I just su between different users????
3) There will be a couple of people who will need to have access to the root directory of the default Apache server. There will only be a couple of virtual servers for things like Webmin. At the moment I've set up a document root for the default server "www" in the path /usr/local/apache/htdocs/www I then have a symbolic link to that directory in the home directories of the couple of users who are allowed to access the document root via FTP. Is this OK? Or is there a better/more secure way to do all this?
As you can see I am struggling with groking the basics of users/permissions and the like. Once I have my web application all running I intend to wipe the hard disk and rebuild the server from scratch again as practice before we deploy the system for live beta testing. So I will have one more go at doing everything right here on my development box :)
Thanks for any tips or nudges in the right direction :)