[kwlug-disc] Apache vhosts as different users
L.D. Paniak
ldpaniak at fourpisolutions.com
Mon May 18 20:45:58 EDT 2020
Maybe this could be helpful:
https://httpd.apache.org/docs/2.4/suexec.html
Some people I know use a variant:
https://cs.uwaterloo.ca/twiki/view/CF/FlexSuexec
On 5/18/20 6:21 PM, Paul Nijjar via kwlug-disc wrote:
> I have a webserver running Ubuntu 18.04 . I have some Apache vhosts
> that all run as www-data . I now want to add a new vhost running some
> code I do not trust a lot. If somebody breaks into this new vhost I
> would like to limit the damage done to the others.
>
> This is a PHP application. I already have the php-fpm module running
> for my other vhosts.
>
> I would like to do this in a way that is (a) reasonably easy, (b) will
> not mess up all my other vhosts.
>
> What are my best options here? I have seen the following so far:
>
> - There is a package called libapache2-mpm-itk which apparently lets
> you run different vhosts as different users, but it looks like this
> changes the Apache mode to something without threads.
>
> - Maybe I want to have userdirs and just put the vhost in
> /home/user/public_html ? I do not know the security implications of
> this.
>
> I am sure there are other approaches too, but I do not know what they
> are.
>
> - Paul
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20200518/5776ec6c/attachment.sig>
More information about the kwlug-disc
mailing list