
Q: Howto setup a web-hotel with apache, php and mysql



I've been using apache, php and mysql for ages on several servers - but
I've always been in control of the php-scripts in use. Now I have to set
up a server running Debian "Sarge" where the users must have access to
upload their own php-scripts.

What I'm looking for is a simple way to make the server reasonably
secure. I don't want one user to peek at the next user's php-code, and I
don't want someone exploiting user-A's lacking php-skills to get into
user-B's credit-card table in mysql ;)

Ideally, I would want Apache to change user-id when it enters the
VirtualHost of a user. I don't see how this can be done, so a more
realistic approach may be to run php as a separate user for each virtual
host. I've played a little with suexec - but this thing seems a bit
_too_ paranoid...

I don't feel any particular urge to reinvent the wheel in this matter,
so I wonder how other admins have solved this problem. I know there
exist lots of ISPs who offer similar services at a very low cost.
Please advise, or suggest relevant articles or documentation.

Thanks :)

Jarle
-- 
Jarle Aase                      email: jgaa@jgaa.com
Author of freeware.             http://www.jgaa.com
                                news:alt.comp.jgaa

War FTP Daemon:     http://www.warftp.org
War FTP Daemon FAQ: http://www.warftp.org/faq/warfaq.htm
Jgaa's PGP key:     http://war.jgaa.com/pgp
NB: If you reply to this message, please include all relevant
information from the conversation in your reply. Thanks.
<<< no need to argue - just kill'em all! >>>


