[CentOS] Running Apache sites as separate users

Fri Sep 30 15:06:32 UTC 2011
m.roth at 5-cent.us <m.roth at 5-cent.us>

Jerry McAllister wrote:
> On Thu, Sep 29, 2011 at 08:22:59PM -0500, Trey Dockendorf wrote:
>> I had a recent request to improve security on my web servers by having
>> each website use a different user to run the hosting service.  So
>> example1.comhas it's own Apache instance running as apache1 and then
>> example2.com has its own instance of Apache as apache2.  Is this even
>> possible or realistic?  I understand the idea of how that would be
>> secure, much like creating a virtual machine to segregate services.
>> The only way I can think how this is done is to chroot each website.
>> What makes this request even stranger is that each website will be
>> managed by the same CMS and code base.  So with that being the case,
>> I don't see how this is possible.  Any ideas or insight are very welcome.
> Used to do that a lot on FreeBSD.  It was just a virtual host.
> We used separate IPs for each virtual host, but there are ways
> to do it with name based virtual hosts.  I think name based VH
> didn't work with https though.

I think Trey needs to push back - *IF* I understand him correctly, it
sounds like duplicate websites, but running as different users.  That, to
me, literally makes no sense...mmmm, unless a) the source of the request
doesn't understand what he wants, or b) there's something illegal going
on, and users going to a different site have different things happening,
based on data/database content.

Clarifications would be helpful.