On my dedicated server (running Debian Lenny) I run different websites, and some of them are managed by other people. This means I had to give those people access via ftp and/or ssh to my box. As most of those sites use a CMS to manage content, they usually need the user which is running the webserver to be able to write to their domain folders too.
In the past I managed to make folders writable both from the webserver and the user, adding every user I created for ftp/ssh access to the www-data group and then giving directories 664 permission. This way both the webserver and the user were able to write but I was not satisfied with this solution.
I knew that it was possible to wrap everything with SuExec and CGI, but I preferred running php forked by apache without CGI, so this solution didn’t fit my needs.
I recently came to know the wonderful apache2-mpm-itk module. By enabling this, it is possible to achieve a true multiuser apache2 installation without wrapping anything in SuExec. Following some easy steps, you will be able to specify a user and group for each virtualhost you run.
On Debian, installation is quite easy as the apache2-mpm-itk module is in the repo. Note that installing it removes the common apache2 installation and apache2-mpm-prefork, as the module is compiled into apache2. So to install it, just run:
$ sudo apt-get install apache2-mpm-itk
As the module is built in, you do not need to a2enmod anything. Just go straight to your virtualhosts folder ( /etc/apache2/sites-available ) and enable it by adding these lines to each virtualhost:
<IfModule mpm_itk_module>
    AssignUserId USER GROUP
</IfModule>
If you do not specify a user for a virtualhost, it runs as the default apache2 user (www-data, apache2, httpd or the one you specified in the configuration file).
Now, before reloading the apache2 configuration, be sure to reset permissions on your virtualhost, changing them from www-data to the new user:group using chown and, if needed, chmod. I usually do this:
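# Directories need the execute (search) bit, so set 755 on directories and 644 on files
$ sudo chown -R USER:GROUP /var/www/some-virtualhost/
$ sudo find /var/www/some-virtualhost/ -type d -exec chmod 755 {} +
$ sudo find /var/www/some-virtualhost/ -type f -exec chmod 644 {} +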
Now you can safely reload your apache2 configuration and you’re done:
$ sudo /etc/init.d/apache2 reload
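An added example, not part of the original post: a small shell function to run after the chown/chmod step and before the reload. It reports entries under a virtualhost folder that the AssignUserId user or group does not own, directories the owner cannot traverse, and world-writable entries. The function name and report labels are made up for this example; USER, GROUP and the path are the post's placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): audit a virtualhost folder
# against the USER and GROUP given to AssignUserId.
#
# audit_docroot DOCROOT USER GROUP
# Prints one "LABEL path" line per finding; returns 0 if clean, 1 otherwise.
audit_docroot() {
    docroot=$1; user=$2; group=$3
    findings=$(
        # Entries still owned by someone else (e.g. left over as www-data)
        find "$docroot" \( ! -user "$user" -o ! -group "$group" \) -print |
            sed 's/^/OWNER /'
        # Directories whose owner lacks the search bit: the vhost user
        # cannot enter them, so Apache running as that user cannot serve them
        find "$docroot" -type d ! -perm -0100 -print |
            sed 's/^/NOTRAVERSE /'
        # World-writable entries: any other account on the box can modify them
        # (symlinks are skipped, their own mode is always 777)
        find "$docroot" ! -type l -perm -0002 -print |
            sed 's/^/WORLDWRITE /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Stand-alone use: sh audit.sh /var/www/some-virtualhost USER GROUP
if [ $# -eq 3 ]; then
    audit_docroot "$@"
fi
```

A non-zero exit status means at least one finding was printed, so the call can gate the reload in a deployment script.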
