[wp-hackers] Using NFS for the media library in a large MultiSite installation

Cornelius, Gregory gcorne at bu.edu
Thu Oct 18 20:26:50 UTC 2012 

Fellow WP/Linux experts,

I am working on a project to redo the hosting infrastructure for our
WordPress MultiSite CMS. As part of the project, we are changing the file
system that we are using to store media library content from AFS to NFSv3.
We have around 1 TB of data.

To help the systems staff, I am trying to get a sense of how other people
handle file servers and permissions? In the existing production
environment that uses AFS as the file system backing the media library, we
have relied on the ACLs provided by the file system to give a group of
staff members access via sFTP to the media library content. And, of
course, the web servers also have RW access. We are trying to come up with
a similar solution that uses NFSv3 instead. Is anyone using POSIX Default
ACLs?

We already have a solution in place so that media requests do not go
through ms-files.php so my concerns are mostly around adding media,
moving, and copying via scripts, sFTP, and WordPress.

The application servers and files servers will be running CentOS 5 in a
VMWare environment. We are considering:

1. Creating a group wpstatic that includes the Apache user and all staff.
Set the mode for the media library directory to 2775 and set umask to 002
for both Apache and the staff users. The problem with this is that the
setgid bit can easily be stomped on.

2. Use a POSIX Default ACL that gives Apache and the staff RW access to
the media library portion of the file system.

3. Use SSH key pairs and have the staff connect to the sFTP service using
the same account as the web server runs under when working in the media
library portion of the file system.

The vast majority of the interactions will occur via Apache (through
WordPress), and there are about 25 staff members.

What do folks prefer? Are there any particular pitfalls that people have
run into with NFS that I should work to avoid?

Thanks,
Gregory

---
Gregory Cornelius
Senior Solutions Architect
Information Services & Technology
Boston University
617.358.6499

More information about the wp-hackers mailing list