Related

Restrict the new user Question Question
PHP Error Log: authz_core:error - For files that don't exists on my server Question Question

Question

ubuntu droplet creation and users question

Posted June 13, 2017 1.3k views
Linux BasicsSecurityUbuntu 16.04

I have seen a good few replies on the forum that have a similar problem. They stem from wordpress installs and nginx in the scenarios I have seen but its not limited to them and I wanted to learn the best way to move forwards. The tutorials talk about creating a user with sudo that isn’t root, and here is my confusion.

When I created a droplet a username got created (dave) that I am thinking has sudo credentials. Is this the same as what the tutorial is speaking about. here is an example tut

chown -R www-data:www-data domain.com/

vs

chown -R $USER:$USER domain.com/

And so for a website to be able to run scripts like php wordpress needs to be like the first case otherwise we get a 403 and issues…

Also note that I am running a multisite folder

www-data:www-data does work and seems to be the solution (often touted) but for a multisite setup isnt ideal as each website should have a user I feel?

Thanks for secure insight in whats the best practise.

Add a comment
landed
By:
landed
Add a comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers
hansen June 13, 2017

Hi @landed

If you’re running WordPress Multisite (Network), then you’re actually only running a single installation of WordPress, so it can only run under 1 user (that being www-data, dave or whatever you prefer).

If you want to run each site with it’s own user, then you need to setup regular WordPress for each site and you can contain them each in their own user.

You should not run PHP/Nginx/Apache with a user that can login - and never with a user that can sudo. The default www-data has the shell set to /usr/sbin/nologin.

Reply Report
landed June 14, 2017

So I will create a user for each website then..and it should not have sudo level and it can be a part of the www-data group (I think).
I will see how easy this is to do. Thank you.

Reply Report
Submit an Answer

Related

Looking for something else?

Ask a new question Search for more help