Apache PHP and virtualhost security

[e-ian-taylor]

Hi.

I am in the process of migrating from a windows system to a LAMP server (openSUSE 11) mostly for security reasons but I still have one major hurdle to overcome. It goes like this

I have 3 sites hosted on the same server using name based virtual hosts, they are (just for example):-

www.ixx.info
served from /home/ian/public_html
linux user 'ian' has required permissions on this directory

www.taxbreaks.dodgygexxxx.biz
served from /home/dodgygexxxx/public_html
linux user 'dodgygeezer' has required permissions on this directory

www.twoburgers.com
served from /home/kmoxxx/public_html
linux user 'kmoxxx' has the required permissions on this directory

In the current config it is possible for a PHP script run on ixx.com - Overview to access files on either of the other two virtual hosts and the same goes the other way around. Is it possible to prevent this? (I'm sure it must be)

For example can I force any requests for ixx.com - Overview to be served with the permissions of user ian and any requests for www.twoburxxxx.com to be served with the permissions of user kmoxxx. This way the scripts would only be able to access files in their own user directories and not interfere with the other sites.

Each site has its own virtualhost section in httpd.conf so could I configure it there? Or would it be a php configuration?

Thanks for any help you can give on this one

e

[jledhead]

I don't think its possible. scripts generally run as the user that runs apache, so you can't have one vhost run as user1 and another run as user2