>>> I'd like to hire a freelancer to work on my website. I don't want to >>> provide access to all of my code, but instead only the particular file >>> or files being worked on. Does anyone know of a development framework >>> that would help facilitate that sort of thing? Would no shell access >>> along with restricted SFTP access be the simplest, safest, most >>> effective way to go? >> >> Why not just send him the stuff he should be working on? He can run his >> own Apache/PHP/whatever on his development machine. When he's done, he >> can send you a tarball of the site files and maybe a SQL dump if you're >> using a database. > > The problem with that is he will need to test his code in the working > system. I need a way for him to be able to read/write to a certain > file or files within the working system, but have no read/write access > to any other files in the system. > > Is SFTP perhaps the way to go for this? > > - Grant
For some reason I thought SFTP would provide access control but now I'm thinking it's just like SSH in that access control is based on file ownership and permissions? If that's the case, can anyone think of a better way to control remote access to my files than chmod/chown? I think it would be nice if the access control were built into the transport mechanism, version control system, or something else already in use, but it doesn't sound like that's going to happen. - Grant >> That's the easiest one-off solution. If you're looking for something >> more permanent, another idea is to have a "public" git repo somewhere >> while the developers all work on their own workstations. SQL changes can >> be made via numbered migrations, e.g., >> >> 001-create_users_table.sql >> 002-create_nodes_table.sql >> 003-disregard_that_drop_users_table.sql >> >> and devs can push everything to the git repo, as long as it's a >> fast-forward (so they can't trash the repo history). >> >> Once you're ready to move something live, an admin logs in to the >> production box, does a `git pull`, and then runs the migrations or makefile.
