After setting up 1-Click LAMP, how to properly create users for 2 virtual hosts (2 domains) with right file permissions ?

Posted September 23, 2020 311 views

I just set up a LAMP droplet following the 1-Click install guide.
It worked fine, i have ssh access

I am now logged in as root.

The web root is now at /var/www/html which can be accessed through the droplet’s public ip or the domain name i ‘attached’ following this part of the guide :

... Two DNS records:
    An A record from a domain (e.g., to the server’s IP address
    An A record from a domain prefaced with www (e.g., to the server’s IP address

Now, i would like to create 2 users. Each one will be for managing a distinct website (distinct domain name and folder)

I tried doing this vhosts configuration a few months ago (not on digitalocean droplets), i had tons of file permission related errors

Is there a guide that i can follow for this specific usecase ?


These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer

Hi @GroovySTK,

I’ll recommend using an Apache Module : apache2-mpm-itk. This module is an MPM module for the apache web server which allows you to run each of your virtual host under a separate uid and gid i.e. the scripts and configuration files for one virtual host are completely separated from that of others and therefore no longer have to be readable for all of them.

First step is to install apache2-mpm-itk and enable it in order to use its functionality :-

sudo apt-get install apache2-mpm-itk

sudo a2enmod mpm_itk

Now a very simple virtual file for a domain should look like

<VirtualHost *:80>

ServerAdmin webmaster@localhost
DocumentRoot /home/user1/public_html/

<IfModule mpm_itk_module>
AssignUserId user1 user1

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined


Notice the

<IfModule mpm_itk_module>
AssignUserId user1 user1

That’s your way of separating with users.