NYCPHP Meetup

[Rolan Yang]

Gary Mort wrote:
>
> But because of that, and my rusty LAMP server skills, I'm a little 
> behind on "ideals".
>
> So...presuming you get to control the server environment, and we're 
> using Linux.  What is the ideal way to configure your server so that:
> The web server can read/write/edit files for the virtual host joomla 
> is being installed on
> Multiple users can ssh/ftp to the server and read/write/edit 
> files[including ones created by each other and the webserver] for that 
> virtual host[and can edit any files the web server created]
>
> AND
> you can have a second virtual host that the web server can 
> read/write/edit files in and other users can as well but programs in 
> the first virtual host can't be run by the server and edit files in 
> the second one.
>

I'm not quite sure what you mean by the second virtual host not having 
access to run programs on the first virtual host. Do you mean that the 
second virtual host's web server running joomla should not have access 
to the files in the first, but the first should have access to the 
second? If so, then you might be able to get away with creating a 
symlink to the second virtual host's joomla content directory. Place 
that symlink under the first virtual host's <joomladir>/images/stories 
directory. What you would end up with is the second virtual host's 
content accessible as a subdirectory under the first, but not the other 
way around.

This is only secure for users on the "front" web facing content 
management end. For users who have access to upload scripts executable, 
it's a security "game over". They have access to everything the web 
server does for for all directories and virtual hosts managed by that 
web server (eg. upload a "php shell" script).


~Rolan