If this has been asked before please link as I wasn’t able to find an equivalent in the search. I know that it’s fairly vague but I’m expecting to find out things that I didn’t know that I didn’t know to look for; I’m really just after recommended articles.
I’m looking to set up a server that has multiple ecommerce stores for demonstration purposes. This’ll be a mix of Magento and Woo, primarily. I’m quite familiar with setting up LAMP but not so much with the best practices. Is there a good resource to detail how to best configure for multiple (ssh) users?
As a prime example: if a user logs on to the server and adds new (or modifies) files I want to ensure that the files have the correct owner, preferably without having to su to a common user.
Commonly with articles that I’ve found they go through how to set up the bare basics for LAMP, the basics with setting up the firewall and the most common aspects like that. I’m essentially looking for “more reading” after the initial setup.
AFAIK Docker wouldn’t be well-suited as (if I’m not mistaken) multiple containers would slow down the performance. This server will most likely have less than 8GB RAM.
It’ll be a different directory each, rather than separate subdomains.
Not a specific number, but I estimate about 10.
They’ll need access to common directories but likely only server admins would use files in their home dirs (other than bashrc, etc). This will be staff demonstrating features to clients so they might just re-use the same store.
They will have basic troubleshooting steps to restart the services in a pinch without having to depend on a server admin to be available, though that’s not essential.
Quick answer to best practices - all the parts you mentioned usually have those documented, and since it’s 2020 - I would never recommend not separating users/domains/functions.
SSH-jails are great, but …
Here comes the container-train… Even though you set restrictions on less than 8GB RAM.
I think you would benefit greatly from placing each setup within containers, limit it accordingly, place a reverse proxy in front and then enjoy that they can’t in an easy fashion escape.
Better yet, if you’re doing e-commerce things - PCI-DSS compliance and documents in regards to that will give you a bare minimum as well.
And - you can ofc also split things up into joint or not parts of containers that could be shared - even though I would never ever recommend it.