On Fri, Sep 30, 2011 at 10:06 AM, <m.roth at 5-cent.us> wrote: >> >>> I had a recent request to improve security on my web servers by having >>> each website use a different user to run the hosting service. So >>> example1.comhas it's own Apache instance running as apache1 and then >>> example2.com has its own instance of Apache as apache2. Is this even >>> possible or realistic? I understand the idea of how that would be >>> secure, much like creating a virtual machine to segregate services. >>> The only way I can think how this is done is to chroot each website. >>> What makes this request even stranger is that each website will be >>> managed by the same CMS and code base. So with that being the case, >>> I don't see how this is possible. Any ideas or insight are very welcome. >> >> Used to do that a lot on FreeBSD. It was just a virtual host. >> We used separate IPs for each virtual host, but there are ways >> to do it with name based virtual hosts. I think name based VH >> didn't work with https though. > > I think Trey needs to push back - *IF* I understand him correctly, it > sounds like duplicate websites, but running as different users. That, to > me, literally makes no sense...mmmm, unless a) the source of the request > doesn't understand what he wants, or b) there's something illegal going > on, and users going to a different site have different things happening, > based on data/database content. > > Clarifications would be helpful. Yes, a real 'user' oriented concept could use the public_html directory out of their home directory. But since a CMS is mentioned, the data may in fact all live in a database with the link controlling permissions based on the web server's configuration where the db login/password is set up. So besides the reverse proxy to multiple web servers it might also need multiple databases set up, each with a different name and credentials. -- Les Mikesell lesmikesell at gmail.com