[LRUG] Setting up SSH for multiple people to deploy an app
Graham Ashton
graham at effectif.com
Wed Apr 17 10:31:31 PDT 2013
On 17 Apr 2013, at 18:02, Richard Livsey <richard at livsey.org> wrote:
> I'm thinking of adding all users who can deploy to the 'www-data' group and then setting the /var/www/site as 2775 so that it's writable by anyone in that group.
The user that the app runs as shouldn't really be able to write to the files in the app - it's a security breach waiting to happen as an attacker could potentially modify your code. You should be okay just allowing www-data to create files in tmp/** and the log directory.
It's not too hard to setup with Capistrano, but I remember swearing a lot the last time I did it. I've always wondered why Cap doesn't promote a two-user/readonly files setup by default.
http://wiki.debian.org/Apache (search for www-data)
--
Graham Ashton
Founder, Agile Planner
https://www.agileplannerapp.com | @agileplanner | @grahamashton
More information about the Chat
mailing list