High-level user on Media Temple DV managed server (Plesk)
I've recently set up a DV Managed server from Media Temple. I'm not sure if my question is specific to Media Temple, Plesk or Linux in general.
I'm open to alternatives but basically what I am trying to do:
Usecase: I'd like to have 1 "high-level" ssh login that has access across all domains associated with the DV server. I'm currently deploying sites for clients using git/github/ssh.
In Plesk, I create Customers > Subscriptions (I add their domain(s) and user here).
This creates a domain in the var/www/vhosts/ directory.
I'd like to have one ssh login that I can use to cd and git pull in that directory. Ideally I don't create a new user for each customer and set up ssh to work appropriately with git.
I chatted with Media Temple a few times and they pointed me in a few directions but nothing really seemed to work.
One article seemed to say what I wanted:
This example will create an SSH user with access to the /var/www/vhosts/ directory, which is where all of your website files are kept.
but after creating a high-level user, that user still does not have access to directories (domains) inside the /vhosts/ directory
Root would work, but I'm not comfortable always logging in as root.
I could also forgo the Customers/Subscriptions and just put everything under 1 company - but that sort of defeats the purpose of how Plesk is set up with subscriptions.
I'm sure that's all about as clear as mud.
Update: I am using Plesk v11.5.30 in the Service Provider view.
Subscriptions are designed to isolate domains and users from each other, so there is no natural solution for such server-wide user. You can make a "shared" user and include it in :psaserv and :psacln groups (used by Plesk internally), so such user will be able to browse other subscriptions' folders to certain degree. Still some folders may remain closed.
W/o ACL, Linux file privileges are simple & clear, but not very flexible.
Completely agree with Sergey, just a few moments:
content of all domains in single subscription stored in one folder(just check it), so you already get one non-root FTP/SSH user which will has access to all files of all domains;
in single subscription you can create single database user with access to all databases created in subscription;
in single subscription PHP code is executing under single user for all domains, so you have to be 100% sure of security of every of your projects during all time of their existing