Q: Howto setup a web-hotel with apache, php and mysql
I've been using apache, php and mysql for ages on several servers - but
I've always been in control of the php-scripts in use. Now I have to set
up a server running Debian "Sarge" where the users must have access to
upload their own php-scripts.
What I'm looking for is a simple way to make the server reasonable
secure. I don't want one user to peek at the next users php-code, and I
don't want someone exploiting user-A's lacking php-skills to get into
user-B's credit-card table in mysql ;)
Ideally, I would want Apache to change user-id when it enters the
VirtualHost of a user. I don't see how this can be done, so a more
realistic approach may be to run php as a separate user for each virtual
host. I've played a little with suexec - but this thing seems a bit
_too_ paranoid...
I don't feel any particular urge to reinvent the wheel in this matter,
so I wonder how other admins have solved this problem. I know there
exist lots of ISP's who offer similar services at a very low cost.
Please advice, or suggest relevant articles or documentation.
Thanks :)
Jarle
--
Jarle Aase email: jgaa@jgaa.com
Author of freeware. http://www.jgaa.com
news:alt.comp.jgaa
War FTP Daemon: http://www.warftp.org
War FTP Daemon FAQ: http://www.warftp.org/faq/warfaq.htm
Jgaa's PGP key: http://war.jgaa.com/pgp
NB: If you reply to this message, please include all relevant
information from the conversation in your reply. Thanks.
<<< no need to argue - just kill'em all! >>>
Reply to: