SSH

From WebarchDocs
Revision as of 11:18, 2 August 2020 by Chris (talk | contribs) (SSH access to shared hosting servers)
Jump to: navigation, search

If you don't know what a command line interface is then you don't need to use SSH.

SSH access to shared hosting servers

All our shared hosting servers allow SSH access in addition to SFTP, the main advantage of SSH is for people who want to manage their WordPress, Nextcloud, Drupal or MediaWiki sites using the commands line interfaces for updating etc, see the respective pages for these content management systems for more information about their command line interfaces.

On shared hosting servers the environment you have access to via SSH is not the environment in which Apache, PHP-FPM and MySQL are running (you SSH into a chroot which has your home directory mounted in it), however you can use the mysql command line client and mysqldump and drush, wp, git, composer etc.

If there are any tools you need and which are not installed please ask for them to be installed (for example if you need an editor other than Vim!).

Ownership and Permissions

Please note that your home directory is owned root, is in your group and is 0750, we have to made the root directory read-only in order to chroot SFTP, in addition the sub-directory ~/logs has to be owned by root as Apache runs as root and if it is unable to write log files Apache won't start — if home was owned by the user account then users would have permission to move ~/logs (even when it is root:root) and thus break Apache for all users on the server… if you need any additional sub-directories in $HOME creating and chowning please ask us to do this for you.

PHP-FPM runs as you and Apache runs as www-data and www-data is in your group, this means that directories need to be at least 0750 and files 0640 for Apache to be able to serve them.

Note that by default we set ~/private to 0700 so this means that while the PHP-FPM process can read files in this directory Apache cannot.

Ansible

If you are using Ansible to deploy to our shared hosting servers then in the past (this hasn't been tested recently), to avoid the warnings about SFTP being disabled you needed add the following to your ~/.ansible.cfg:

[ssh_connection]
scp_if_ssh=True