On Fri, Sep 30, 2011 at 2:22 AM, Trey Dockendorf treydock@gmail.com wrote:
I had a recent request to improve security on my web servers by having each website use a different user to run the hosting service. So example1.comhas it's own Apache instance running as apache1 and then example2.com has its own instance of Apache as apache2. Is this even possible or realistic? I understand the idea of how that would be secure, much like creating a virtual machine to segregate services. The only way I can think how this is done is to chroot each website. What makes this request even stranger is that each website will be managed by the same CMS and code base. So with that being the case, I don't see how this is possible. Any ideas or insight are very welcome.
Is there a specific requirement to run different http servers? Because if there is not then you can just use Suexec+fastcgi. Otherwise, just use Apache to proxy stuff to backend servers (can be anything from apache to nginx).
HTH