Secure PHP environments with PHP-FPM and SFTP
Posted
by
pdd
on Server Fault
See other posts from Server Fault
or by pdd
Published on 2011-07-28T15:01:35Z
Indexed on
2012/06/30
3:17 UTC
Read the original article
Hit count: 490
I'd like to set up secure environments for a small number of untrusted PHP websites on a Debian server. Right now everything runs on the same Apache2 with mod_php5 and vsftpd for administrative file access, so there is room for improvement.
The idea is to use nginx instead of apache, SFTP through OpenSSH instead of vsftpd and chrooted (in sshd_config), individual users for each website with their own pool of PHP processes. All these users and nginx are part of the same group.
Now in theory I can set 700 permissions on all PHP scripts and 750 on static files that nginx has to serve up. Theoretically, if a website is compromised all the other users' data is safe, right?
Are there better solutions that require less setup time and memory per website?
Cheers
© Server Fault or respective owner