Sharing Domain Files with Multiple Users

From DreamHost
The instructions provided in this article or section are considered advanced.

You are expected to be knowledgeable in the UNIX shell.
Support for these instructions is not available from DreamHost tech support.
Server changes may cause this to break. Be prepared to troubleshoot this yourself if this happens.
We seriously aren't kidding about this.


Warning

Please keep in mind that some of the commands in this article can and WILL cause your site to stop working, along with a host of other problems, if they are not run properly. If you aren't comfortable with the command line (SSH), don't know what a symlink is, or have never used the chmod/chown commands before, then you probably should NOT do this. This is not a supported method because of the inherent complications involved; expect problems when setting it up, and be prepared to seek further assistance in the discussion forum. In most cases, creating a single FTP user whose login information you share among the people who need access, and putting just the domains you want them to have access to under that user, will accomplish your needs.

Overview

In many cases you may want multiple users to have access to the web directory of a given domain. Unfortunately, there isn't an easy way to make it so a new user's home directory simply is the web directory you want to give them access to. By default, only the user that the domain is hosted under has write access to those files. That said, there is a way to set this up. Below is currently the best way to configure this if it's important that you have different user accounts modifying these files rather than a single shared user account.

There are some major limitations of this method. First, it will only work with PHP scripts under our default PHP configuration. Perl scripts, etc., simply won't work, as suexec doesn't like the custom permissions set up here. If you get 500 errors when you browse to your files after this is all set up, check the error.log file in the logs directory for the domain you're setting up; if you see suexec errors, then this is the problem. Unfortunately, there is no workaround at this time. Second, regular FTP will not work with symlinks (it treats them as files), so users will have to use SFTP.

Change Users to Shell Accounts

The first thing that needs to be done to set this up is to switch all of the user accounts involved to Shell accounts. You can do that by going to the Manage Users area of your webpanel. From there, click on the Edit button with the wrench to the right of the users you want to change.


From there, just choose the "Shell account" option for the user.


NOTE

While editing or creating a user (in the Manage Users section) whose directory needs to be accessed, please do NOT check the 'Enhanced security?' box.

For example, in this article, the user starsky must not have 'Enhanced security?' checked. If it is checked, starsky's home directory will be locked down and will not be accessible no matter what you do.

Set Up a Custom Unix Group

At this point, you need to set up a custom Unix group. You can do this through the Unix Groups area of the webpanel.

Once you're there, click the Add Custom Group button.

Then name the group and select the users you want to be in it.

Once that's done, keep in mind that it can take a few minutes for the new group to become available on your server.

Adjust Web Directory Permissions

Once those changes go through, you'll want to log in via SSH as the user the domain is hosted under. You can find out which user this is by looking on the Manage Domains page. Next to the domain in question you should see a line that reads "Fully Hosted / User: XXXXX", which tells you which user it's for.

In the case of this example, we log in as starsky:

~$ ssh starsky@shared-site.dreamhosters.com
starsky@shared-site.dreamhosters.com's password: 
[server]$ pwd
/home/starsky

Above you can see that after logging in we're in starsky's home directory. To see what's in there, we do this:

[server]$ ls -l
drwxr-xr-x 5 starsky pg123456 4096 Jun 22  2008 Maildir
dr-xr-x--- 3 starsky dhapache 4096 Dec 24 15:20 logs
drwxr-xr-x 2 starsky pg123456 4096 Dec 24 15:52 shared-site.dreamhosters.com

You can see the directory we want there named "shared-site.dreamhosters.com". Notice that its group is set to "pg123456". That's the group that all of your users are put in automatically. Now we want to change the group of your domain's web directory to the custom group created earlier (named "sharexam" in this example), so we do this:

[server]$ chgrp -R sharexam shared-site.dreamhosters.com/

Shared hosting users are able to run chgrp, but not chown.

That command sets the group to "sharexam" for that directory and any files inside. Now the directory listing should look something like this:

[server]$ ls -l
drwxr-xr-x 5 starsky pg123456 4096 Jun 22  2008 Maildir
dr-xr-x--- 3 starsky dhapache 4096 Dec 24 15:20 logs
drwxr-xr-x 2 starsky sharexam 4096 Dec 24 18:31 shared-site.dreamhosters.com

The next step is to assign group write permissions to that directory. If you look at the front of the line you see "drwxr-xr-x". Those are the access permissions, and they break down like this. The "d" means it's a directory. The first set of three characters after that are the owner permissions. The owner has full permissions here (read/write/execute). The next set of three are the group permissions, and the group only has read/execute permissions. The last set of three are the "other" permissions (everyone else). Let's add group write permissions:

[server]$ chmod g+w shared-site.dreamhosters.com/

After running that command your directory listing should look something like this:

[server]$ ls -l
drwxr-xr-x 5 starsky pg123456 4096 Jun 22  2008 Maildir
dr-xr-x--- 3 starsky dhapache 4096 Dec 24 15:20 logs
drwxrwxr-x 2 starsky sharexam 4096 Dec 24 18:31 shared-site.dreamhosters.com

Notice the change in permissions and the addition of the "w" in the middle set of three characters. Okay, now permissions are all set on this directory.

Create Symlinks

The next step is creating symlinks to that directory in your other users' home directories. To do this, we'll need to log in as each user.

~$ ssh yvaine@shared-site.dreamhosters.com
yvaine@shared-site.dreamhosters.com's password: 
[server]$ pwd
/home/yvaine

If you get a directory listing now, you'll notice that no directory for the "shared-site.dreamhosters.com" domain exists yet:

[server]$ ls -l
drwxr-xr-x 5 yvaine pg123456 4096 Jun 22  2008 Maildir
dr-xr-x--- 2 yvaine dhapache 4096 Dec 10  2008 logs

So, what we need to do now is create the symlink like this:

[server]$ ln -s /home/starsky/shared-site.dreamhosters.com shared-site.dreamhosters.com

After doing that the directory listing should look like this:

[server]$ ls -l
drwxr-xr-x 5 yvaine pg123456 4096 Jun 22  2008 Maildir
dr-xr-x--- 2 yvaine dhapache 4096 Dec 10  2008 logs
lrwxrwxrwx 1 yvaine pg123456   42 Dec 24 18:43 shared-site.dreamhosters.com -> /home/starsky/shared-site.dreamhosters.com

Notice the new "shared-site.dreamhosters.com" item listed. Note the "l" in the permissions on the far left (for "link") and the arrow pointing to the actual directory it's linked to. Now this user has write access to the web directory for shared-site.dreamhosters.com. You'll want to perform this step for each user you want to have access to that directory. Note that the group of the symlink isn't set to the new Unix group we made earlier. Don't worry about that. The permissions on the symlink aren't important in this case, so long as the permissions on the directory it's linking to are correct.
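
To check the result of the steps above, the following shell function audits the shared directory. It is an added example, not part of the original DreamHost article, and the name audit_shared_dir and its finding labels are made up for it. It goes slightly beyond the article by also reporting directories without the setgid bit, since files that other users create there otherwise get that user's default group rather than the shared one.

```shell
#!/bin/sh
# Added example (not from the article): audit a group-shared web directory.
# Usage: audit_shared_dir DIR GROUP
# Prints one "<FINDING> <path>" line per problem; prints nothing when clean.
# Function name and finding labels are made up for this example.
audit_shared_dir() {
    dir=$1
    grp=$2

    # Entries outside the shared group: missed by "chgrp -R", or created
    # later by another user and therefore in that user's default group.
    find "$dir" ! -type l ! -group "$grp" | sed 's/^/WRONG_GROUP /'

    # Directories the group cannot create files in. The article's
    # "chmod g+w" is not recursive, so subdirectories commonly show up here.
    find "$dir" -type d ! -perm -020 | sed 's/^/DIR_NOT_GROUP_WRITABLE /'

    # Entries writable by every account on the shared server.
    find "$dir" ! -type l -perm -002 | sed 's/^/WORLD_WRITABLE /'

    # Directories without setgid (a check beyond the article): new files
    # created in them do not inherit the shared group.
    find "$dir" -type d ! -perm -2000 | sed 's/^/NO_SETGID /'
}

# When run as a script with two arguments, audit that directory, e.g. as
# the domain's owner:
#   sh audit.sh "$HOME/shared-site.dreamhosters.com" sharexam
if [ $# -eq 2 ]; then
    audit_shared_dir "$1" "$2"
fi
```

Run it as the user the domain is hosted under; an empty result means every entry is in the shared group, every directory is group-writable and setgid, and nothing is world-writable.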

See also Unix Groups
