Find the answer to your Linux question:
Results 1 to 2 of 2
Hi. I am in the process of migrating from a windows system to a LAMP server (openSUSE 11) mostly for security reasons but I still have one major hurdle to ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jul 2008
    Posts
    2

    Apache PHP and virtualhost security


    Hi.

    I am in the process of migrating from a windows system to a LAMP server (openSUSE 11) mostly for security reasons but I still have one major hurdle to overcome. It goes like this

    I have 3 sites hosted on the same server using name based virtual hosts, they are (just for example):-

    www.ixx.info
    served from /home/ian/public_html
    linux user 'ian' has required permissions on this directory

    www.taxbreaks.dodgygexxxx.biz
    served from /home/dodgygexxxx/public_html
    linux user 'dodgygeezer' has required permissions on this directory

    www.twoburgers.com
    served from /home/kmoxxx/public_html
    linux user 'kmoxxx' has the required permissions on this directory

    In the current config it is possible for a PHP script run on ixx.com - Overview to access files on either of the other two virtual hosts and the same goes the other way around. Is it possible to prevent this? (I'm sure it must be)

    For example can I force any requests for ixx.com - Overview to be served with the permissions of user ian and any requests for www.twoburxxxx.com to be served with the permissions of user kmoxxx. This way the scripts would only be able to access files in their own user directories and not interfere with the other sites.

    Each site has its own virtualhost section in httpd.conf so could I configure it there? Or would it be a php configuration?

    Thanks for any help you can give on this one

    e
    Last edited by bigtomrodney; 07-08-2008 at 09:42 PM.

  2. #2
    Linux Engineer jledhead's Avatar
    Join Date
    Oct 2004
    Location
    North Carolina
    Posts
    1,077
    I don't think its possible. scripts generally run as the user that runs apache, so you can't have one vhost run as user1 and another run as user2

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •