CentOS Webserver：创建与Nginx友好的SSH用户的最佳实践

I have been looking for the past hour and I just can't understand why this isn't more straight forward. I just spun up a VPS. I have LEMP running no problem. Trying to keep with the best practices so instead of using root for my Git deployments, SFTP, etc. I've created "website" as an SSH user.

我一直在寻找过去的一小时，我只是无法理解为什么这不是更直接的。我刚刚开始了一个VPS。我有LEMP运行没问题。尝试保持最佳实践，而不是使用root用于我的Git部署，SFTP等。我创建了“网站”作为SSH用户。

All of the files are nginx:nginx, however after several modifications to /etc/passwd and /etc/group I'm still unable to successfully ssh in with "website" and mv or modify files. I have no trouble viewing them.

所有文件都是nginx：nginx，但是在对/ etc / passwd和/ etc / group进行了几次修改后，我仍然无法成功地使用“网站”和mv或修改文件。我查看它们没有问题。

Typing "groups nginx" reveals nginx:nginx. Typing "groups website" reveals website:nginx.

键入“groups nginx”会显示nginx：nginx。键入“群组网站”显示网站：nginx。

Please, someone tell me what I am doing wrong. I believe the same scenario applies to Apache configurations.

请有人告诉我我做错了什么。我相信相同的场景适用于Apache配置。

1 个解决方案

#1

You need to modify File Access Control. Try these commands by swapping out bob with your specific user and specific path to your web root. That way your newly created user will have to ability to read/write/execute files without the need to modify permissions.

您需要修改文件访问控制。通过将bob与您的特定用户以及Web根目录的特定路径进行交换来尝试这些命令。这样，新创建的用户必须能够读取/写入/执行文件，而无需修改权限。

setfacl -R -d -m u:bob:rwx /var/www/mydomain.com 
setfacl -R -m u:bob:rwx /var/www/mydomain.com

Here is further reading if you would like to know more.

如果您想了解更多信息，请进一步阅读。

http://linuxcommand.org/man_pages/setfacl1.html

Let me know if it helped.

如果有帮助，请告诉我。

#1

setfacl -R -d -m u:bob:rwx /var/www/mydomain.com 
setfacl -R -m u:bob:rwx /var/www/mydomain.com