Linode Forum
Linode Community Forums
Posted: Sat Feb 05, 2011 3:04 pm
Newbie

Joined: Sat Feb 05, 2011 2:52 pm
Posts: 3
Hey all,

I just got myself a brand spanking new Linode and I love it so far. I'm decently familiar with Linux so I've managed to set everything up but now that I'm managing my own server I have some questions about best practices.

Basically, I have a couple of domains and subdomains that I care about and I'm really the only person administering them. For security purposes, I want to set up an account I can SFTP and SSH from that is locked to my home folder.

What is the correct approach from a security and organizational standpoint?

1. Do I put all the sites into /srv/www as the Linode guide states and then make symlinks from my home folder?
2. How do I make sure this is scalable in case my friend wants to help me out with a website and I have to set up group permissions for specific sites?
3. I've disabled the default site at /var/www. It seemed strange to put one site there and all the others in /srv/www... What is the right way to organize this?

Thanks!


Posted: Sat Feb 05, 2011 3:12 pm
Senior Member

Joined: Sun Mar 07, 2010 7:47 pm
Posts: 1970
Website: http://www.rwky.net
Location: Earth
Quote:
Basically, I have a couple of domains and subdomains that I care about and I'm really the only person administering them. For security purposes, I want to set up an account I can SFTP and SSH from that is locked to my home folder.


Why if you're the only one administering it?

If you have a friend that wants access to a single site then give that site a user and use http://library.linode.com/security/sftp-jails/ to lock that user to their home folder.

_________________
Paid support
How to ask for help
1. Give details of your problem
2. Post any errors
3. Post relevant logs.
4. Don't hide details i.e. your domain, it just makes things harder
5. Be polite or you'll be eaten by a grue


Posted: Sat Feb 05, 2011 4:42 pm
Newbie

Joined: Sat Feb 05, 2011 2:52 pm
Posts: 3
obs wrote:
Quote:
Basically, I have a couple of domains and subdomains that I care about and I'm really the only person administering them. For security purposes, I want to set up an account I can SFTP and SSH from that is locked to my home folder.


Why if you're the only one administering it?

If you have a friend that wants access to a single site then give that site a user and use http://library.linode.com/security/sftp-jails/ to lock that user to their home folder.


I understand that, but I'm still confused about where the site data should live. Let's say I have a site example.com that me and my friend jointly work on.

All the data lives in /srv/www/example.com (like my other sites). I add myself and my friend to a group that then "chowns" that folder, correct? However, I don't want my friend to be able to go poking around the file system so I lock him down to the home folder (SFTP jail). However, now he can't access the site unless I put a symlink?


Posted: Sat Feb 05, 2011 5:53 pm
Senior Member

Joined: Sun Mar 07, 2010 7:47 pm
Posts: 1970
Website: http://www.rwky.net
Location: Earth
Lock him down to /srv/www/example.com instead of his home folder by setting ChrootDirectory /srv/www/example.com

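An added example, not part of any post in this thread: the `ChrootDirectory` setup suggested above as an sshd_config `Match` block, plus a check for the ownership rule sshd enforces on every component of the chroot path. The user name `friend` and the optional second and third arguments of `chroot_path_ok` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). "friend" is a hypothetical user name.

# Emit an sshd_config Match block that jails USER to DIR, SFTP only.
sftp_jail_block() {
    printf 'Match User %s\n' "$1"
    printf '    ChrootDirectory %s\n' "$2"
    printf '    ForceCommand internal-sftp\n'
    printf '    AllowTcpForwarding no\n'
    printf '    X11Forwarding no\n'
}

# sshd refuses the session unless every component of the ChrootDirectory
# path is a directory owned by root and not writable by group or others.
# Args: DIR [OWNER_UID=0] [TOP=/]
# OWNER_UID and TOP exist only so the check can be tried on a scratch tree
# without root; leave them at their defaults for a real jail.
chroot_path_ok() {
    cj_p=$1; cj_owner=${2:-0}; cj_top=${3:-/}
    while :; do
        # Field 1 of "ls -ldn" is the mode string, field 3 the numeric owner.
        set -- $(ls -ldn "$cj_p" 2>/dev/null | awk '{print $1, $3}')
        case "${1:-}" in
            d????w*|d???????w*)
                echo "$cj_p: group/other writable ($1)" >&2; return 1 ;;
            d*) ;;
            *)  echo "$cj_p: missing or not a directory" >&2; return 1 ;;
        esac
        if [ "$2" != "$cj_owner" ]; then
            echo "$cj_p: owned by uid $2, expected $cj_owner" >&2; return 1
        fi
        # Stop once the top of the walk has been checked.
        if [ "$cj_p" = "$cj_top" ] || [ "$cj_p" = "/" ]; then return 0; fi
        cj_p=$(dirname "$cj_p")
    done
}

# Stand-alone use: ./check.sh /srv/www/example.com
if [ $# -gt 0 ]; then
    chroot_path_ok "$@" && sftp_jail_block friend "$1"
fi
```

Because the jail directory itself has to stay root-owned and non-writable by the group, the shared group gets its write access on a subdirectory inside it (for example a hypothetical `/srv/www/example.com/htdocs`), not on `/srv/www/example.com` itself.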


Posted: Sat Feb 05, 2011 6:14 pm
Newbie

Joined: Sat Feb 05, 2011 2:52 pm
Posts: 3
obs wrote:
Lock him down to /srv/www/example.com instead of his home folder by setting ChrootDirectory /srv/www/example.com


I understand now, many thanks! :)


Posted: Mon Feb 07, 2011 9:56 am
Senior Newbie

Joined: Tue May 20, 2008 8:39 pm
Posts: 10
Another tip: it is sometimes worth breaking your disk into two partitions, one for system and one for data, then symlink your www to that other partition. That way if you need to reinstall the OS or do something silly by accident (yes, I've been there), you can keep your www data intact.

