Théo Gautier, Cyril Goldenschue
This project was made in the context of the CLD1 module of the CPNV's ES development school. The statement of the exercise is in French.
name | version |
---|---|
mariadb | 10.5.11 |
Debian | 11 |
php-fpm | 7.4 |
nginx | 1.18.0 |
To prevent users from accessing other users' home directories:

```bash
sudo chmod o-rwx /home/*
```

This command has to be run after every user creation that is done without the script.
This chapter is optional.
SSH is installed by default on the system by the installer, so there is nothing to do to install it. If it is not installed:

```bash
sudo apt install ssh
```
SSH access is restricted for users who have sudo access. They are not allowed to use simple username-password authentication; they must have a public/private key pair configured to log in.
To configure this, we set up a rule in `/etc/ssh/sshd_config`:

```
Match Group sudo
PasswordAuthentication no
Match all
```

Then, once a user has a key pair configured, we can add them to the sudo group with the command below.

```bash
sudo usermod -a -G sudo USER
```
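A check for the two rules above (home directories closed to "others", and every member of the sudo group having a key before password login is refused for them), as an added example that is not part of the repository. It assumes the default `~/.ssh/authorized_keys` location; the function names and the `--run` switch are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not part of the repository): audit the two rules above.
# Function names and the --run switch are hypothetical.

# Print each directory directly under $1 that grants any permission to "others".
homes_open_to_others() {
    local base="${1:-/home}"
    find "$base" -mindepth 1 -maxdepth 1 -type d -perm /o=rwx | sort
}

# Succeed if $1/.ssh/authorized_keys has at least one line that is neither
# blank nor a comment (assumes the default AuthorizedKeysFile location).
has_authorized_key() {
    local keys="$1/.ssh/authorized_keys"
    [ -f "$keys" ] && grep -Eqv '^[[:space:]]*(#|$)' "$keys"
}

# Print members of group $1 whose home has no usable key. With
# "PasswordAuthentication no" matched on that group, they cannot log in over SSH.
# Only supplementary members (added with usermod -a -G) are listed.
sudo_members_without_key() {
    local group="${1:-sudo}" user home
    for user in $(getent group "$group" | cut -d: -f4 | tr ',' ' '); do
        home=$(getent passwd "$user" | cut -d: -f6)
        { [ -n "$home" ] && has_authorized_key "$home"; } || echo "$user"
    done
}

# Report both findings; return non-zero if anything was found.
audit() {
    local open nokey
    open=$(homes_open_to_others "${1:-/home}")
    nokey=$(sudo_members_without_key "${2:-sudo}")
    [ -z "$open" ] || echo "$open" | sed 's/^/home open to others: /'
    [ -z "$nokey" ] || echo "$nokey" | sed 's/^/sudo member without SSH key: /'
    [ -z "$open$nokey" ]
}

# Run against the real system only when asked to (reading other users'
# authorized_keys needs root once homes are closed to others).
if [ "${1:-}" = "--run" ]; then audit /home sudo; fi
```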
```bash
sudo apt update
sudo apt install nginx
# Enable the service at startup
sudo systemctl enable nginx
# Remove the default Nginx website
sudo rm /etc/nginx/sites-enabled/default
sudo apt install php-fpm
sudo apt install mariadb-server
```
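Modify the file `/etc/mysql/mariadb.conf.d/50-server.cnf` and change the `bind-address` to this:

```
bind-address = 0.0.0.0
```

With this value MariaDB accepts connections on every network interface, not only on localhost.

Edit `/etc/mysql/mariadb.cnf` and uncomment the following line:

```
port = 3306
```

Restart the mariadb service:

```bash
sudo systemctl restart mariadb.service
```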
Customer websites are isolated by creating home directories with no rights for "others" and by setting the customers' umask to 027 (see the client creation script).
A script named `createClient.bash` is available in the repository to create clients.
This script has to be run as root (with the root account or sudo).