gonzalomassa
Verified User
- Joined
- Feb 24, 2015
- Messages
- 6
Hello!
I'm not sure if this is the right forum to ask this, feel free to move the post to the right place.
I've a CentOS 7 VPS where we're going to host our new website. The server is actually used for a Moodle installation but it's under a subdomain controlled by another user, so the main domain's public_html folder is still empty and has no website inside.
The site is being developed with Laravel by an external developer, so we need to give him SSH access to our server. Like I said there is no current website hosted so we're not worried about content that could be deleted in the public_html folder, but we would like to restrict access to the server's administrative tools and files, like DirectAdmin access, custombuild folder, or anything that could be used to change or modify server configurations.
I've never used Login Keys but I think it's the way to give him access, right? The main questions that come to my mind are:
- Given it's the server's main domain we need to give access to, the Login Key has to be created for the "admin" user, right? (login as admin user > user level > login keys)
- When creating the Login Key it says If no commands are checked (allow and deny), all commands are allowed., but what if I select some checkboxes for "allow" and leave the rest unchecked? Do I need to check the "deny" for everything else?
- Which commands should I select to allow the user to login via ssh and run commands like git, php/composer, etc? (I'll install git client, no need to give him access to install software on the server).
- Is there anything else I can do to restrict access to other folders outside the user's home folder?
I hope I've asked the right questions and not give you too much work to answer them. Is this the right approach?
Thank you in advance, sorry for my english
I'm not sure if this is the right forum to ask this, feel free to move the post to the right place.
I've a CentOS 7 VPS where we're going to host our new website. The server is actually used for a Moodle installation but it's under a subdomain controlled by another user, so the main domain's public_html folder is still empty and has no website inside.
The site is being developed with Laravel by an external developer, so we need to give him SSH access to our server. Like I said there is no current website hosted so we're not worried about content that could be deleted in the public_html folder, but we would like to restrict access to the server's administrative tools and files, like DirectAdmin access, custombuild folder, or anything that could be used to change or modify server configurations.
I've never used Login Keys but I think it's the way to give him access, right? The main questions that come to my mind are:
- Given it's the server's main domain we need to give access to, the Login Key has to be created for the "admin" user, right? (login as admin user > user level > login keys)
- When creating the Login Key it says If no commands are checked (allow and deny), all commands are allowed., but what if I select some checkboxes for "allow" and leave the rest unchecked? Do I need to check the "deny" for everything else?
- Which commands should I select to allow the user to login via ssh and run commands like git, php/composer, etc? (I'll install git client, no need to give him access to install software on the server).
- Is there anything else I can do to restrict access to other folders outside the user's home folder?
I hope I've asked the right questions and not give you too much work to answer them. Is this the right approach?
Thank you in advance, sorry for my english