I recently tidied my server filesystem and ended up making webroot a little more secure by keeping all of my source out of there, and having nothing that I edit directly in place.
Mainly this was done to avoid duplication of backups. Okay, so you can never have enough backups, but I previously kept all of my development code in ~/Development which was being backed up as well as all being under version control with Assembla. It also meant I had a load of symlinks in webroot pointing at various trunks and branches and I’d never really liked the idea of that.
The solution I’ve currently gone with is maybe a bit more than is required given I’m a sole developer on my home machine, but right now it’s working nicely for me. That said, the old approach worked nicely for a few months too, so I don’t expect this will be the best, or most final, solution I try. Anyway…
All source code is now in /usr/local/source, organised by projects. Each project is owned by root, chgrp for ‘developers’, and ‘chmod g+s’ to ensure that all files remain accessible to the developers group. And each project may contain sub-projects, with everything being under version control with either svn (client projects) or git (personal projects). Eg:
cd /usr/local/source svn checkout https://subversion.assembla.com/svn/sandbox/ sudo chown root:developers -R sandbox sudo chmod g+s sandbox sudo chmod 660 sandbox cd sandbox find . -type d -print0 | xargs -0 sudo chmod 770 find . -type f -print0 | xargs -0 sudo chmod 660 sudo chmod -a -G developers mark #requires logout
I create NetBeans projects with the project root at this location, and ‘Copy files form the Sources Folder to another location’ is ticked, and directed to a suitably named folder in webroot.
Once this is created, it is ‘chown root:www-data’, and chmod ‘g+s’ with default permissions allowing the web server can write to logs and write any cache files that are used. And I’m added as a member of www-data group.
cd /var/www sudo chown root:www-data -R sandbox sudo chmod g+s sandbox sudo usermod -a -G www-data mark #requires logout
After this, I create a new virtual host to the project in /etc/apache2/sites-available, an entry to /etc/hosts, a number of aliases so I can easily access various points of the project from the terminal, and usually add a bookmark to the Bookmarks Toolbar in Firefox for easy access.
cd /etc/apache2/sites-available sudo cp default sandbox sudo vi sandbox #Edit to look like DocumentRoot /var/www/sandbox
Options FollowSymLinks AllowOverride All Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all:wq sudo a2ensite sandbox sudo service apache2 restart
cd /etc sudo vi hosts #Edit to add 127.0.0.1 sandbox :wq
cd vi .bash_aliases #Edit to add alias sand="cd /var/www/sandbox" alias sands="cd /usr/local/src/sandbox" alias sandl="tail100 -n 100 -f /var/www/sandbox/logs/sandbox.log" :wq . .bash_aliases
It seems complicated now I look at it again, and I’m happy to accept it might not be the best way. But it avoids a large amount of duplication in backups, still allows me to use xdebug in NetBeans, allows me to easily view logs and drop into the project webroot or source in a terminal if I need to. And as I prefer to use svn and git in CLI and not in NetBeans, this can be helpful.
And it feels like a step in the right direction, so I’ll go with it for now.