On Thu, Sep 29, 2011 at 9:35 PM, Lucian lucian@lastdot.org wrote:
On Fri, Sep 30, 2011 at 2:22 AM, Trey Dockendorf treydock@gmail.com wrote:
I had a recent request to improve security on my web servers by having each website use a different user to run the hosting service. So example1.com has its own Apache instance running as apache1 and then example2.com has its own instance of Apache as apache2. Is this even possible or realistic? I understand the idea of how that would be secure, much like creating a virtual machine to segregate services. The only way I can think how this is done is to chroot each website. What makes this request even stranger is that each website will be managed by the same CMS and code base. So with that being the case, I don't see how this is possible. Any ideas or insight are very welcome.
Is there a specific requirement to run different http servers? Because if there is not then you can just use Suexec+fastcgi. Otherwise, just use Apache to proxy stuff to backend servers (can be anything from apache to nginx).
HTH
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
I do not know the exact reasoning for wanting each website to be run by a separate Apache process that has its own user. Likely it's a misunderstanding of actual threats to websites, or using an IIS mindset to set requirements for Apache.
I'll give Suexec+fastcgi a look and mod_ruid. Thanks for those suggestions.
While on the subject of Apache security... Another request / idea was to have this CMS under development write user controls to .htaccess files to restrict download access to directories. Typically if I even allow any overrides, I set it so apache can only read .htaccess. My understanding of the more obvious implications is that if the web server can write to .htaccess so can any attacker, and then can easily inject malware or redirect the site to malicious content. Is there ever a case where it's safe to allow write access by apache to .htaccess? Does the below config for .htaccess in httpd.conf protect from this at all if write permissions were given on the file system?
<Files ~ "^.htaccess">
    Order allow,deny
    Deny from all
    Satisfy All
</Files>
Personally I think that the CMS should handle authorization, and then possibly rely on Apache for authentication. In the case of this CMS it will be authenticating against a campus SSO through CAS, but access has to be restricted based on user lists.
- Trey
On Thu, 29 Sep 2011 21:57:52 -0500 Trey Dockendorf treydock@gmail.com wrote:
On Thu, Sep 29, 2011 at 9:35 PM, Lucian lucian@lastdot.org wrote:
On Fri, Sep 30, 2011 at 2:22 AM, Trey Dockendorf treydock@gmail.com wrote:
I had a recent request to improve security on my web servers by having each website use a different user to run the hosting service.
....
I'll give Suexec+fastcgi a look and mod_ruid. Thanks for those suggestions
Also check http://mpm-itk.sesse.net/ . It's neat in the sense that users don't have to fiddle with file permissions, but it has the danger that badly written PHP code gives an attacker access to all files that $USER owns.
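
Added example, not part of the thread or of any project mentioned in it: the <Files> block quoted above only stops Apache from serving .htaccess over HTTP and has no effect on filesystem writes, so both the .htaccess question and the mpm-itk caveat come down to what the account running the site can change on disk. This shell audit lists every .htaccess under a docroot that a given uid could edit, replace or create; it assumes GNU stat and find as on CentOS, and the function names, the apache account and the /var/www/html path are illustrative.

```shell
#!/bin/sh
# Added example. Models classic mode bits only: POSIX ACLs, SELinux, the
# sticky bit and uid 0 are not handled.

# can_write PATH UID "GID ..." file|dir -> 0 if the mode bits allow a change.
can_write() {
    st=$(stat -L -c '%u %g %a' "$1" 2>/dev/null) || return 1
    uid=$2 gids=$3 kind=$4
    set -- $st                      # $1 owner uid, $2 group gid, $3 octal mode
    perm=$(printf '%04d' "$3")
    perm=${perm#?}                  # drop the setuid/setgid/sticky digit
    if [ "$uid" = "$1" ]; then
        digit=${perm%??}            # owner class
    else
        case " $gids " in
            *" $2 "*) digit=${perm#?}; digit=${digit%?} ;;   # group class
            *)        digit=${perm#??} ;;                    # other class
        esac
    fi
    # A file needs w; a directory needs w and x to add or rename entries.
    case "$kind:$digit" in file:[2367]|dir:[37]) return 0 ;; esac
    return 1
}

# audit_htaccess DOCROOT UID "GID ...": one line per directory at risk.
audit_htaccess() {
    find "$1" -type d | while IFS= read -r d; do
        f=$d/.htaccess
        if [ -f "$f" ] && can_write "$f" "$2" "$3" file; then
            echo "writable $f"
        elif can_write "$d" "$2" "$3" dir; then
            if [ -f "$f" ]; then echo "replaceable $f"; else echo "creatable $f"; fi
        fi
    done
}

# Usage (account name and path are assumptions):
#   audit_htaccess /var/www/html "$(id -u apache)" "$(id -G apache)"
```

An empty result means the account cannot change or plant any .htaccess under the docroot as far as mode bits are concerned; run it once per site account when each site has its own user.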