帮助使用 CentOS/WHM 设置的 SVN+SSH 权限
我将尽力解释我如何尝试设置这个系统。
想象一下一个生产服务器在多个站点上运行 WHM。我们将这些站点称为... site1、site2、site2
现在,通过 WHM 设置,每个站点都为其定义了一个用户/组,为了简单起见,我们将这些用户/组保留为 site1、site2。
现在,更新这些站点是使用 SVN 完成的,并通过使用提交后脚本来自动更新这些站点(通过 apache 配置阻止 .svn)。
这些网站有两个定期维护者,我们称他们为乔和鲍勃。 Joe 和 Bob 都可以通过各自的有限帐户对服务器进行命令行访问。
所以我做了一些简单的事情,设法让 SVN 与这些“维护者”一起工作,这样当 SVN 提交发生时,更改就会被签出并完美上线。
这是警告,也是我最终的问题。用户权限。
通过我对此设置的测试,我只能通过授予正在更新的内容 777 权限来使其正常工作,以便 Joe 和 Bob 都可以对每个站点的 webfront 目录进行读写访问。
现在举一个例子:
Joe 和 Bob 都属于一个名为“Dev”的组。我已经设置了 master /svn 文件夹来对该组进行读写访问,并且效果很好。提交后触发器,更新站点,然后在 Webfront 中的每个文件上设置 777。
然后我更改了此设置以尝试考虑组权限更新,而不是直接 777。
/home/site1/public_html 中的每个文件夹最初都会获得 664 的 chmod,每个文件夹 775
看起来有点像这样
drwxrwxr-x .
drwxrwxr-x ..
drwxrwxr-x site1 site1 my_test_folder
-rw-rw-r-- site1 site1 my_test_file
所以 site1 是 sthe这些文件和文件夹的所有者和组所有者。因此,我随后将 site1 添加到 Joe 和 Bobs 辅助组,以便 SVN 更新能够正确地允许访问这些文件。
现在的问题就在这里。
当我希望将文件或文件夹添加到 /home/site1 时,例如 Bobs_file,它看起来像这样
drwxrwxr-x .
drwxrwxr-x ..
drwxr-xr-x Bob dev bobs_folder
drwxrwxr-x site1 site1 my_test_folder
-rw-rw-r-- Bob dev bobs_file
-rw-rw-r-- site1 site1 my_test_file
我怎样才能获得它,以便使用 Bob 可用的用户权限集来更改该文件的所有者和组所有者反映“site1”“site1”。由于 Bob 属于 Dev,我可以使用 CHMOd 正确设置权限,但 CHGRP 似乎会返回操作错误。
现在,这已经足够长了,可以准确地概述我想要完成的任务,以防万一我要解决这个问题,并且有一个更简单的解决方案。这是我的目标
- 2 个人更新
- 指定的 WHM 结构的多个用户帐户
- 尝试将文件和文件夹的主用户/组权限维护到原始用户帐户,而不是更新者的帐户。
- 相对于 SVN,我更喜欢 SVN+SSH 的安全性。
- 不想在 root 上运行这一切。
我希望这是有道理的,并提前致谢:)
I'll try my best to explain how I'm trying to set up this system.
Imagine a production server running WHM with various sites. We'll call these sites... site1, site2, site2
Now, with the WHM setup, each site has a user/group defined for them, we'll keep these users/groups called site1,site2 for simplicity reasons.
Now, updating these sites is accomplished using SVN, and through the use of a post commit script to auto update these sites (With .svn blocked through the apache configuration).
There are two regular maintainers of these sites, we'll call them Joe and Bob. Joe and Bob both have commandline access to the server through thier respective limited accounts.
So I've done the easy bit, managed to get SVN working with these "maintainers" so that when an SVN commit occurs, the changes are checked out and go live perfectly.
Here's the cavet, and ultimately my problem. User permissions.
Through my testing of this setup, I've only managed to get it working by giving what is being updated permissions of 777, so that Joe and Bob can both read and write access to webfront directories for each of the sites.
So, an example of how it's set up now:
Joe and Bob both belong to a group called "Dev". I have the master /svn folders set up for both read and write access to this group, and it works great. Post commit triggers, updates the site, and then sets 777 on each file within the webfront.
I then changed this to try and factor in group permission updates, instead of straight 777.
Each folder in /home/site1/public_html intially gets given a chmod of 664, and each folder 775
Which looks a little something like this
drwxrwxr-x .
drwxrwxr-x ..
drwxrwxr-x site1 site1 my_test_folder
-rw-rw-r-- site1 site1 my_test_file
So site1 is sthe owner and group owner of those files and folders. So I then added site1 to Joe and Bobs secondary groups so that the SVN update will correctly allow access to these files.
Herein lies the problem now.
When I wish to add a file or folder to /home/site1, say Bobs_file, it then looks like this
drwxrwxr-x .
drwxrwxr-x ..
drwxr-xr-x Bob dev bobs_folder
drwxrwxr-x site1 site1 my_test_folder
-rw-rw-r-- Bob dev bobs_file
-rw-rw-r-- site1 site1 my_test_file
How can I get it so that with the set of user permissions Bob has available, to change the owner and group owner of that file to reflect "site1" "site1". As Bob belongs to Dev I can set the permissions correctly with CHMOd, but It appears CHGRP is throwing back operation errors.
Now this was long winded enough to give an overview of exactly what I'm trying to accomplish, just incase I'm going about this arse-over-tit and there's a far easier solution. Here's my goals
- 2 people to update
- multiple user accounts specified given the structure of WHM
- Trying to maintain master user/group permissions of file and folders to the original user account, and not the account of the updatee.
- I like the security of SVN+SSH over just SVN.
- Don't want to run all this over root.
I hope this made sense, and thanks in advance :)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
尝试:
这将递归地将该目录中的所有文件更改为“site1”组中的“site1”用户所拥有。
Try:
This will recursively change all files in that directory to be owned by the "site1" user in the "site1" group.