On 09/29/11 6:22 PM, Trey Dockendorf wrote:
I had a recent request to improve security on my web servers by having each website use a different user to run the hosting service. So example1.comhas it's own Apache instance running as apache1 and then example2.com has its own instance of Apache as apache2. Is this even possible or realistic? I understand the idea of how that would be secure, much like creating a virtual machine to segregate services. The only way I can think how this is done is to chroot each website. What makes this request even stranger is that each website will be managed by the same CMS and code base. So with that being the case, I don't see how this is possible. Any ideas or insight are very welcome.
afaik, its only possible to use multiple instances of apache if you have multiple IP addresses, each one bound to a different address, or use different ports for each site (which would require specifying the :port as part of the URL)
I'd strongly question the rationale behind this request. sounds like half-thinking to me.