[lug] apache vhost / php perms

karl horlen horlenkarl at yahoo.com
Wed Apr 16 17:18:32 MDT 2008


I've got a LAMP server that runs multiple php/mysql based vhosts.  Some document roots of these vhosts are owned by different user accounts.

In order to allow apache to execute the php in these individually user owned directories, I simply added each user id to the group 'apache'.  It works fine.

However, it's not very secure.  If user A logs in to his account, he can literally add / change / list / copy anything in user B, C, D... 's server root directory because they all share 'apache' group perms.  Not good!

Can anyone recommend a bulletproof solution to allow apache the access it needs to exec php from multiple user owned doc roots while preventing different users from tampering with each other's files and dirs?

I'd prefer something that's fairly easy to administer as multiple accounts / vhosts are likely to be added and removed from the server.

I do know that there is an ExecCGI option.  But I think this seriously degrades performance?  And as silly as this sounds, for some reason I always associate CGI with perl and not php so I'm not even sure this would work with php?

Open to any and all solutions.

Thanks
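
The exposure described in this post can be checked per document root. The following is an added example, not part of the original post: a shell function (the name `audit_docroots` and the paths in the usage comment are assumptions) that reports whether each directory is owned by the shared group and what the group permission bits allow at the top level.

```shell
#!/bin/sh
# Added example: audit document roots for exposure through a shared group.
# Usage: audit_docroots GROUP DIR...
#   e.g. audit_docroots apache /var/www/*/     (example paths, adjust to your layout)
# Prints one line per DIR:
#   WRITE   <dir>  GROUP owns DIR and has write permission (members can add/change)
#   READ    <dir>  GROUP owns DIR with read or search permission only (list/copy)
#   OK      <dir>  DIR is not exposed to GROUP members via its group bits
#   MISSING <dir>  DIR does not exist or is not a directory
# Only the top-level directory is inspected, not its contents.
# Returns 1 if any DIR is WRITE or READ, otherwise 0.
audit_docroots() {
    grp=$1; shift
    rc=0
    for d in "$@"; do
        if [ ! -d "$d" ]; then
            echo "MISSING $d"
            continue
        fi
        # -prune keeps find on the starting directory itself (no descent).
        if [ -n "$(find "$d" -prune -group "$grp" -perm -020 -print)" ]; then
            echo "WRITE $d"; rc=1
        elif [ -n "$(find "$d" -prune -group "$grp" \
                     \( -perm -040 -o -perm -010 \) -print)" ]; then
            echo "READ $d"; rc=1
        else
            echo "OK $d"
        fi
    done
    return $rc
}
```

Every account that is a member of the group can act on a directory reported as WRITE or READ, which is the cross-user access the post describes.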