Django生产服务器的Linux用户方案

Question

I'm currently trying to set up nginx + uWSGI server for my Django homepage. Some tutorials advice me to create specific UNIX users for certain daemons. Like nginx user for nginx daemon and so on. As I'm new to Linux administration, I thought just to create second user for running all the processes (nginx, uWSGI etc.), but it turned out that I need some --system users for that.

Main question is what users would you set up for nginx + uWSGI server and how to work with them? Say, I have server with freshly installed Debian Squeeze.

Should I install all the packages, virtual environment and set up all the directories as root user and then create system ones to run the scripts?

Answer 1

I like having regular users on a system:

• multiple admins show up in sudo logs -- there's nothing quite like asking a specific person why they made a specific change.

• not all tasks require admin privileges, but admin-level mistakes can be more costly to repair

• it is easier to manage the ~/.ssh/authorized_keys if each file contains only keys from a specific user -- if you get four or five different users in the file, it's harder to manage. Small point :) but it is so easy to write cat ~/.ssh/id_rsa.pub | ssh user@remotehost "cat - > ~/.ssh/authorized_keys" cat ~/.ssh/id_rsa.pub | ssh user@remotehost "cat - > ~/.ssh/authorized_keys" -- if one must use >> instead, it's precarious. :)

But you're right, you can do all your work as root and not bother with regular user accounts.