Securing php on a shared apache
Posted
by
Jack
on Server Fault
See other posts from Server Fault
or by Jack
Published on 2012-10-28T19:55:04Z
Indexed on
2012/10/28
23:05 UTC
Read the original article
Hit count: 289
I'm going to install apache+php in a server where two users, A and B, will deploy their website. I'm trying to achieve isolation of users' space for security reasons: that is no scripts from site A should be able to read files in site B.
To achieve this I installed suphp. Website files of user A are owned by A:A with perm=700 and user of B are owned by B:B with perm=700. Suphp works great, but apache complains about permissions to read .htaccess.
How can I let apache to read .htaccess in every dir of A and B while keeping isolation between site A and site B? I played with ownership (group = www-data) and permissions (750) but I found no way to keep isolation granted. Any idea?
Maybe by running apache as root, but in this case are there any drawbacks?
© Server Fault or respective owner