[CentOS] Running Apache sites as separate users

Dennis Jacobfeuerborn dennisml at conversis.de
Fri Sep 30 01:48:41 UTC 2011


On 09/30/2011 03:31 AM, John R Pierce wrote:
> On 09/29/11 6:22 PM, Trey Dockendorf wrote:
>> I had a recent request to improve security on my web servers by having each
>> website use a different user to run the hosting service.  So
>> example1.comhas it's own Apache instance running as apache1 and then
>> example2.com has its own instance of Apache as apache2.  Is this even
>> possible or realistic?  I understand the idea of how that would be secure,
>> much like creating a virtual machine to segregate services.  The only way I
>> can think how this is done is to chroot each website.  What makes this
>> request even stranger is that each website will be managed by the same CMS
>> and code base.  So with that being the case, I don't see how this is
>> possible.  Any ideas or insight are very welcome.
>
> afaik, its only possible to use multiple instances of apache if you have
> multiple IP addresses, each one bound to a different address, or use
> different ports for each site (which would require specifying the :port
> as part of the URL)
>
> I'd strongly question the rationale behind this request.  sounds like
> half-thinking to me.

I wonder if SELinux/sVirt can be used for something like this. sVirt was 
created to isolate running virtual machine instances from one another. 
Something similar should be possible for virtual hosts at least in theory.

Regards,
   Dennis



More information about the CentOS mailing list