On Fri, Sep 30, 2011 at 10:06 AM, m.roth@5-cent.us wrote:
I had a recent request to improve security on my web servers by having each website use a different user to run the hosting service. So example1.com has its own Apache instance running as apache1 and then example2.com has its own instance of Apache as apache2. Is this even possible or realistic? I understand the idea of how that would be secure, much like creating a virtual machine to segregate services. The only way I can think how this is done is to chroot each website. What makes this request even stranger is that each website will be managed by the same CMS and code base. So with that being the case, I don't see how this is possible. Any ideas or insight are very welcome.
Used to do that a lot on FreeBSD. It was just a virtual host. We used separate IPs for each virtual host, but there are ways to do it with name based virtual hosts. I think name based VH didn't work with https though.
I think Trey needs to push back - *IF* I understand him correctly, it sounds like duplicate websites, but running as different users. That, to me, literally makes no sense...mmmm, unless a) the source of the request doesn't understand what he wants, or b) there's something illegal going on, and users going to a different site have different things happening, based on data/database content.
Clarifications would be helpful.
Yes, a real 'user' oriented concept could use the public_html directory out of their home directory. But since a CMS is mentioned, the data may in fact all live in a database with the link controlling permissions based on the web server's configuration where the db login/password is set up. So besides the reverse proxy to multiple web servers it might also need multiple databases set up, each with a different name and credentials.
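The layout described in the last message (a reverse proxy in front of one Apache instance per site, each with its own Unix user and its own database credentials), as an added example that is not part of the original thread. The ports, file paths, database names and the `CMS_DB_*` variables are assumptions, and the `LoadModule` lines each file needs are omitted.

```apache
# ---- Back end for example1.com (constructed file: /etc/httpd/conf/site1.conf) ----
# Started as its own process: httpd -f /etc/httpd/conf/site1.conf
ServerRoot "/etc/httpd"
PidFile run/site1.pid
Listen 127.0.0.1:8081            # loopback only; reachable through the proxy
User apache1
Group apache1
ServerName example1.com
DocumentRoot "/var/www/cms"      # shared code base, root-owned, read-only to apache1
ErrorLog logs/site1_error_log
# Assumption: the CMS reads its DB login from the environment (needs mod_env).
SetEnv CMS_DB_NAME site1_db
SetEnv CMS_DB_USER site1_rw
SetEnv CMS_DB_PASS "REPLACE_WITH_SITE1_SECRET"

# ---- Back end for example2.com (constructed file: /etc/httpd/conf/site2.conf) ----
# Same code base, different process owner, port, log and database account.
ServerRoot "/etc/httpd"
PidFile run/site2.pid
Listen 127.0.0.1:8082
User apache2
Group apache2
ServerName example2.com
DocumentRoot "/var/www/cms"
ErrorLog logs/site2_error_log
SetEnv CMS_DB_NAME site2_db
SetEnv CMS_DB_USER site2_rw
SetEnv CMS_DB_PASS "REPLACE_WITH_SITE2_SECRET"

# ---- Front end (main httpd.conf): name-based virtual hosts on one IP ----
# Needs mod_proxy and mod_proxy_http. NameVirtualHost is required on
# Apache 2.2 and deprecated on 2.4.
NameVirtualHost *:80
ProxyRequests Off                # reverse proxy only, never an open forward proxy

<VirtualHost *:80>
    ServerName example1.com
    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:8081/
    ProxyPassReverse / http://127.0.0.1:8081/
</VirtualHost>

<VirtualHost *:80>
    ServerName example2.com
    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:8082/
    ProxyPassReverse / http://127.0.0.1:8082/
</VirtualHost>
```

Because httpd parses its configuration as root before switching to the `User` account, each per-site file can stay root-owned with mode 0600, so apache1 cannot read the credentials in site2.conf and vice versa.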