By: landed

Ubuntu droplet creation and users question

June 13, 2017 348 views
Security Linux Basics Ubuntu 16.04

I have seen a good few replies on the forum that have a similar problem. They stem from WordPress installs and Nginx in the scenarios I have seen, but it's not limited to them, and I wanted to learn the best way to move forwards. The tutorials talk about creating a user with sudo that isn't root, and here is my confusion.

When I created a droplet a username got created (dave) that I am thinking has sudo credentials. Is this the same as what the tutorial is speaking about? Here is an example tut:

chown -R www-data:www-data domain.com/

vs

chown -R $USER:$USER domain.com/

And so for a website to be able to run scripts like PHP, WordPress needs to be like the first case, otherwise we get a 403 and issues...

Also note that I am running a multisite folder.

www-data:www-data does work and seems to be the solution (often touted), but for a multisite setup it isn't ideal, as each website should have a user, I feel?

Thanks for secure insight into what's the best practice.

2 Answers

Hi @landed

If you're running WordPress Multisite (Network), then you're actually only running a single installation of WordPress, so it can only run under 1 user (that being www-data, dave or whatever you prefer).

If you want to run each site with its own user, then you need to set up regular WordPress for each site and you can contain them each in their own user.

You should not run PHP/Nginx/Apache with a user that can log in - and never with a user that can sudo. The default www-data has the shell set to /usr/sbin/nologin.

So I will create a user for each website then... and it should not have sudo level and it can be a part of the www-data group (I think).
I will see how easy this is to do. Thank you.
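
The rule from the answer above (no login shell, no sudo for the account that runs PHP/Nginx/Apache) can be checked mechanically; the following is an added example, not part of the original thread. The function names `audit_web_user` and `make_sample` and the per-site user `site1` are hypothetical, and the sample passwd/group lines are constructed.

```shell
#!/bin/sh
# Added example: is USER a sane account to run PHP/Nginx/Apache under?
# Returns 0 = no login shell and no sudo group, 1 = problem found, 2 = no such user.
# Only group-based sudo (Ubuntu's default %sudo / %admin rules) is checked;
# per-user lines in /etc/sudoers are out of scope here.
audit_web_user() {
    user=$1
    passwd_file=${2:-/etc/passwd}
    group_file=${3:-/etc/group}
    rc=0

    # passwd fields: 4 = primary GID, 7 = login shell
    entry=$(awk -F: -v u="$user" '$1 == u { print $4 ":" $7 }' "$passwd_file")
    if [ -z "$entry" ]; then
        echo "$user: no such account"
        return 2
    fi
    gid=${entry%%:*}
    shell=${entry#*:}

    case $shell in
        */nologin|*/false) echo "$user: shell $shell, cannot log in" ;;
        *) echo "$user: shell '${shell}' allows login"; rc=1 ;;
    esac

    for g in sudo admin; do
        # Member either by primary GID (field 3) or by the member list (field 4).
        if awk -F: -v g="$g" -v u="$user" -v gid="$gid" '
            $1 == g {
                if ($3 == gid) found = 1
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] == u) found = 1
            }
            END { exit (found ? 0 : 1) }' "$group_file"; then
            echo "$user: in group $g, can sudo"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample data (site1 is a hypothetical per-site user).
make_sample() {
    printf '%s\n' \
        'www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin' \
        'dave:x:1000:1000::/home/dave:/bin/bash' \
        'site1:x:1001:1001::/var/www/site1:/usr/sbin/nologin' > "$1/passwd"
    printf '%s\n' 'sudo:x:27:dave' 'www-data:x:33:site1' > "$1/group"
}
```

On a real host, `audit_web_user www-data` reads `/etc/passwd` and `/etc/group` directly; with the sample files, `dave` is flagged on both counts while `www-data` and `site1` pass.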
