Jerry McAllister wrote:
On Thu, Sep 29, 2011 at 08:22:59PM -0500, Trey Dockendorf wrote:
I had a recent request to improve security on my web servers by having each website use a different user to run the hosting service. So example1.comhas it's own Apache instance running as apache1 and then example2.com has its own instance of Apache as apache2. Is this even possible or realistic? I understand the idea of how that would be secure, much like creating a virtual machine to segregate services. The only way I can think how this is done is to chroot each website. What makes this request even stranger is that each website will be managed by the same CMS and code base. So with that being the case, I don't see how this is possible. Any ideas or insight are very welcome.
Used to do that a lot on FreeBSD. It was just a virtual host. We used separate IPs for each virtual host, but there are ways to do it with name based virtual hosts. I think name based VH didn't work with https though.
I think Trey needs to push back - *IF* I understand him correctly, it sounds like duplicate websites, but running as different users. That, to me, literally makes no sense...mmmm, unless a) the source of the request doesn't understand what he wants, or b) there's something illegal going on, and users going to a different site have different things happening, based on data/database content.
Clarifications would be helpful.
mark