[kwlug-disc] Apache vhosts as different users
Paul Nijjar
paul_nijjar at yahoo.ca
Mon May 18 18:21:50 EDT 2020
I have a webserver running Ubuntu 18.04 . I have some Apache vhosts
that all run as www-data . I now want to add a new vhost running some
code I do not trust a lot. If somebody breaks into this new vhost I
would like to limit the damage done to the others.
This is a PHP application. I already have the php-fpm module running
for my other vhosts.
I would like to do this in a way that is (a) reasonably easy, (b) will
not mess up all my other vhosts.
What are my best options here? I have seen the following so far:
- There is a package called libapache2-mpm-itk which apparently lets
you run different vhosts as different users, but it looks like this
changes the Apache mode to something without threads.
- Maybe I want to have userdirs and just put the vhost in
/home/user/public_html ? I do not know the security implications of
this.
I am sure there are other approaches too, but I do not know what they
are.
- Paul
--
Events: https://feeds.off-topic.kwlug.org
Blog: http://pnijjar.freeshell.org
More information about the kwlug-disc
mailing list