
Re: Q: Howto setup a web-hotel with apache, php and mysql



Have a look at the Linux vserver project. You can set up individual
vservers for your "clients" that only have apache+php and maybe ssh if
they want to scp their files in. It isolates their setup so that if
they get hacked, they aren't compromising your entire system.
Additionally, it takes very little additional resource overhead
because you are not running a complete user-space kernel (such is the
case with something like UML). It's pretty slick.

micah


On Mon, 24 Jan 2005, Jarle Aase wrote:

> I've been using apache, php and mysql for ages on several servers - but
> I've always been in control of the php-scripts in use. Now I have to set
> up a server running Debian "Sarge" where the users must have access to
> upload their own php-scripts.
> 
> What I'm looking for is a simple way to make the server reasonably
> secure. I don't want one user to peek at the next user's php-code, and I
> don't want someone exploiting user-A's lacking php-skills to get into
> user-B's credit-card table in mysql ;)
> 
> Ideally, I would want Apache to change user-id when it enters the
> VirtualHost of a user. I don't see how this can be done, so a more
> realistic approach may be to run php as a separate user for each virtual
> host. I've played a little with suexec - but this thing seems a bit
> _too_ paranoid...
> 
> I don't feel any particular urge to reinvent the wheel in this matter,
> so I wonder how other admins have solved this problem. I know there
> exist lots of ISPs who offer similar services at a very low cost.
> Please advise, or suggest relevant articles or documentation.
> 
> Thanks :)
> 
> Jarle
> -- 
> Jarle Aase                      email: jgaa@jgaa.com
> Author of freeware.             http://www.jgaa.com
>                                 news:alt.comp.jgaa
> 
> War FTP Daemon:     http://www.warftp.org
> War FTP Daemon FAQ: http://www.warftp.org/faq/warfaq.htm
> Jgaa's PGP key:     http://war.jgaa.com/pgp
> NB: If you reply to this message, please include all relevant
> information from the conversation in your reply. Thanks.
> <<< no need to argue - just kill'em all! >>>