ACL and OpenLiteSpeed

#1
Hello,

I have a small issue...
I am trying to work with ownerships and permissions.

And i have set my user "dev" and group "dev" as owner of everything in "public" (exposed document root) folder.

However, this generates a error 500 for me when i browse this page.

If i set nobody:nobody as owner of public-directory, it works fine.

However, if i set dev as group/owner, and use "setfacl -R -m default:u:nobody:rwx public/" , it still generates a error 500 even if i am saying that "nobody has access to the directory".

Am i understanding this ACL wrong?
 

Pong

Administrator
#2
Normally you don't need to complicate issue with ACL.
If you don't use PHP SuEXEC, php will inhetiate from server to run as "nobody:nobody"
You can set OLS virtaul host to run PHP as SuEXEC , such as "dev:dev". then all files under ehe user root should be owned by "dev:dev".

For example: /home/dev and all files, should be owned by dev:dev.

then set that virtual host to run php as "dev:dev"
https://openlitespeed.org/kb/change-php-settings-by-vhost-and-user/
 
#3
Normally you don't need to complicate issue with ACL.
If you don't use PHP SuEXEC, php will inhetiate from server to run as "nobody:nobody"
You can set OLS virtaul host to run PHP as SuEXEC , such as "dev:dev". then all files under ehe user root should be owned by "dev:dev".

For example: /home/dev and all files, should be owned by dev:dev.

then set that virtual host to run php as "dev:dev"
https://openlitespeed.org/kb/change-php-settings-by-vhost-and-user/

Hi, thanks for reply.

But i dont understand how this would scale properly. If i wanted to add more devs to the project, how'd that workout then?
 

Pong

Administrator
#4
Do you mean you want to give a few developers to access to the same folder for them to update code? If so, you will need to give them shared login "dev" user and they can upload code through ftp. They won't have a different user login. If you means something else, please clarify.

I would suggest you use a control panel , such as cyberpanel to handle all these for you instead of you work out your self.
 
Top