Secure PHP environments with PHP-FPM and SFTP

Posted by pdd on Server Fault
Published on 2011-07-28T15:01:35Z Indexed on 2012/06/30 3:17 UTC

I'd like to set up secure environments for a small number of untrusted PHP websites on a Debian server. Right now everything runs on the same Apache2 with mod_php5 and vsftpd for administrative file access, so there is room for improvement.

The idea is to use nginx instead of Apache, SFTP through OpenSSH instead of vsftpd and chrooted (in sshd_config), individual users for each website with their own pool of PHP processes. All these users and nginx are part of the same group.

Now in theory I can set 700 permissions on all PHP scripts and 750 on static files that nginx has to serve up. Theoretically, if a website is compromised all the other users' data is safe, right?

Are there better solutions that require less setup time and memory per website?

Cheers
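
The permission scheme from the question, modelled as an added example (not part of the original post): it applies the POSIX owner/group/other rules to the 700/750 layout and compares the single shared group with a one-group-per-site variant. The user names, group names, paths and the 750 directory mode are assumptions made for illustration.

```python
# Constructed model of POSIX permission checks; all names and paths are made up.
from dataclasses import dataclass

@dataclass(frozen=True)
class Node:
    owner: str
    group: str
    mode: int  # octal permission bits, e.g. 0o750

def allowed(user, groups, node, want):
    """Pick exactly one class (owner, else group, else other) and test its bits.
    want is a mask: r=4, w=2, x=1."""
    if user == node.owner:
        bits = node.mode >> 6
    elif node.group in groups.get(user, set()):
        bits = node.mode >> 3
    else:
        bits = node.mode
    return (bits & 7 & want) == want

def can_read(user, groups, tree, path):
    """Reading needs search (x) on every parent directory and r on the file."""
    parts = path.strip("/").split("/")
    for i in range(1, len(parts)):
        if not allowed(user, groups, tree["/" + "/".join(parts[:i])], 1):
            return False
    return allowed(user, groups, tree[path], 4)

def layout(site_group):
    """siteA docroot: static files 750, PHP scripts 700 (directory 750 assumed)."""
    return {
        "/srv": Node("root", "root", 0o755),
        "/srv/siteA": Node("siteA", site_group, 0o750),
        "/srv/siteA/logo.png": Node("siteA", site_group, 0o750),
        "/srv/siteA/index.php": Node("siteA", site_group, 0o700),
    }

# Layout from the question: every site user and nginx share one group.
SHARED = {"siteA": {"web"}, "siteB": {"web"}, "nginx": {"web"}}
# Variant (assumption): one group per site, nginx the only additional member.
PER_SITE = {"siteA": {"siteA"}, "siteB": {"siteB"}, "nginx": {"siteA", "siteB"}}

def report(groups, site_group):
    """Map (user, path) -> readable? for another site's user and for nginx."""
    tree = layout(site_group)
    return {(u, p): can_read(u, groups, tree, p)
            for u in ("siteB", "nginx")
            for p in ("/srv/siteA/logo.png", "/srv/siteA/index.php")}

if __name__ == "__main__":
    for (user, path), ok in report(SHARED, "web").items():
        print(user, path, "read" if ok else "denied")
```

In the shared-group model the 700 scripts stay private to their owner, while anything at 750 is readable by every member of the group, which includes the other site users. The model covers file permissions only; it does not represent the SFTP chroot, which confines SFTP sessions and not the PHP-FPM worker processes.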
