[kwlug-disc] Apache vhosts as different users

Khalid Baheyeldin kb at 2bits.com
Mon May 18 23:29:17 EDT 2020


It seems whichever way you do it, you have to settle for something that executes PHP in a process for that particular Linux user ID, and doing that, forgo all threaded efficiencies ...

For example, for libapache2-mpm-itk

This is how it is described in the repo:

The mpm-itk module, although not technically a Multi-Processing Module (MPM) (although it used to be) *enhances the classical "prefork" module* (that is, *without threads*), in such a way that it allows you to constrain each individual vhost to a particular system user and group. This allows you to run several different web sites on a single server without worrying that they will be able to read each others' files. mpm-itk is largely independent of e.g. what scripting technology is in use on your server; in particular, it does not require you to run your scripts as CGI to get the extra security benefit.
Homepage: http://mpm-itk.sesse.net/

There is also mod_privileges
https://httpd.apache.org/docs/2.4/mod/mod_privileges.html
But it requires mod_php, so back to the same model

Depending on the site specifics, either would be workable. For example, if the code base is relatively small (does not eat a lot of RAM), and has low traffic.
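
Added example, not part of the original post and not code from the mpm-itk project: a small Python check that every `<VirtualHost>` block sets mpm-itk's `AssignUserID` to a user no other vhost uses, since a vhost without its own user does not get the file separation described in the quoted package text. The sample configuration, hostnames and account names are constructed, and the helper names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample configuration (hostnames and account names are made up).
SAMPLE_CONF = """
<VirtualHost *:80>
    ServerName alpha.example.org
    AssignUserID alpha alpha
</VirtualHost>
<VirtualHost *:80>
    ServerName beta.example.org
    # AssignUserID beta beta
</VirtualHost>
<VirtualHost *:80>
    ServerName gamma.example.org
    AssignUserID alpha www-data
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\b[^>]*>(.*?)</VirtualHost>", re.S | re.I)

def directive(body, name):
    """Return the arguments of the last active `name` line in a vhost body, or None."""
    found = None
    for line in body.splitlines():
        parts = line.split()
        # A commented-out line starts with '#', so its first token never matches.
        if parts and parts[0].lower() == name.lower():
            found = parts[1:]
    return found

def audit_vhosts(conf):
    """List (server_name, problem) for vhosts that lack a user of their own."""
    problems, owners = [], defaultdict(list)
    for idx, match in enumerate(VHOST_RE.finditer(conf), 1):
        body = match.group(1)
        name = (directive(body, "ServerName") or [f"vhost#{idx}"])[0]
        ids = directive(body, "AssignUserID")
        if ids is None or len(ids) != 2:
            problems.append((name, "no valid AssignUserID, falls back to the default Apache user"))
        else:
            owners[ids[0]].append(name)
    for user, names in owners.items():
        if len(names) > 1:
            problems += [(host, f"shares user '{user}' with another vhost") for host in names]
    return problems

if __name__ == "__main__":
    for host, problem in audit_vhosts(SAMPLE_CONF):
        print(f"{host}: {problem}")
```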