Securing php on a shared apache

Posted by Jack on Server Fault See other posts from Server Fault or by Jack
Published on 2012-10-28T19:55:04Z Indexed on 2012/10/28 23:05 UTC
Read the original article Hit count: 282

Filed under:
|
|
|

I'm going to install apache+php in a server where two users, A and B, will deploy their website. I'm trying to achieve isolation of users' space for security reasons: that is no scripts from site A should be able to read files in site B.

To achieve this I installed suphp. Website files of user A are owned by A:A with perm=700 and user of B are owned by B:B with perm=700. Suphp works great, but apache complains about permissions to read .htaccess.

How can I let apache to read .htaccess in every dir of A and B while keeping isolation between site A and site B? I played with ownership (group = www-data) and permissions (750) but I found no way to keep isolation granted. Any idea?

Maybe by running apache as root, but in this case are there any drawbacks?

© Server Fault or respective owner

Related posts about apache2

Related posts about .htaccess