On Thu, Oct 27, 2005 at 11:04:34PM -0400, Steve Dondley wrote:
> I'm setting up a server that will host many web sites on my Debian
> Sarge machine. Each site will be administered by a different user.
> Each site will give users SFTP access, access to the cgi-bin, and to
> PHP (with mod_php installed). I'm not very worried about my users
> doing anything malicious. However, if a hacker ever obtained a
> password from one of my users, they'd essentially have free reign on
> my server to run any kind of perl/php script they wanted.
>
If the server is beefy enough, consider using libapache{,2}-mod-suphp.
IIRC, it requires that PHP be run as a CGI instead of a mod, hence the
performance hit, but it is much more secure where you cannot control the
scripts written by your users. Also, consider setting low resource
limits on PHP scripts.
> So assuming a hacker did get access to a user's web space, what can I
> do to limit the damage? I'm having trouble tracking down a document
> that will give me a good overview some basic precautions. Here's some
> specific questions:
>
Two packages you will want to consider:
rssh - Restricted shell allowing only scp, sftp, cvs, rsync and/or rdist
scponly - Restricts the commands available to scp- and sftp-users
> Must I abandon mod_php? Is fastcgi the way to go?
> If permissions on my files are set properly, is it really necessary to
> chroot apache?
> What's this v-host (virtual host?) someone mentioned to me? Is this
> like giving each user their own chrooted apache server environment?
> I use webmin to help create sites quickly and easily. Must I abandon it?
>
Unfortunately, the rest is beyond my expertise. Maybe others can help.
-Roberto
--
Roberto C. Sanchez
http://familiasanchez.net/~roberto
Attachment:
pgp0h2zpf3TLX.pgp
Description: PGP signature