On Thu, Sep 29, 2011 at 9:35 PM, Lucian <lucian at lastdot.org> wrote: > On Fri, Sep 30, 2011 at 2:22 AM, Trey Dockendorf <treydock at gmail.com> > wrote: > > I had a recent request to improve security on my web servers by having > each > > website use a different user to run the hosting service. So > > example1.comhas it's own Apache instance running as apache1 and then > > example2.com has its own instance of Apache as apache2. Is this even > > possible or realistic? I understand the idea of how that would be > secure, > > much like creating a virtual machine to segregate services. The only way > I > > can think how this is done is to chroot each website. What makes this > > request even stranger is that each website will be managed by the same > CMS > > and code base. So with that being the case, I don't see how this is > > possible. Any ideas or insight are very welcome. > > Is there a specific requirement to run different http servers? Because > if there is not then you can just use Suexec+fastcgi. > Otherwise, just use Apache to proxy stuff to backend servers (can be > anything from apache to nginx). > > HTH > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > I do not know the exact reasoning for wanting each website to be run by a separate Apache process that has it's own user. Likely it's a misunderstanding of actual threats to websites, or using a IIS mindset to set requirements for Apache. I'll give Suexec+fastcgi a look and mod_ruid. Thanks for those suggestions While on subject of Apache security... Another request / idea was to have this CMS under development write user controls to .htaccess files to restrict download access to directories. Typically if I even allow any overrides, I set it so apache can only read .htaccess. My understanding of the more obvious implications is that if the web server can write to .htaccess so can any attacker, and then can easily inject malware or redirect the site to malicious content. Is there ever a case where it's safe to allow write access by apache to .htaccess? Does the below config for .htaccess in httpd.conf protect from this at all if write permissions were given on the file system? <Files ~ "^\.htaccess"> Order allow,deny Deny from all Satisfy All </Files> Personally I think that the CMS should handle authorization, and at then possibly rely on Apache for authentication. In the case of this CMS it will be authenticating against a campus SSO through CAS, but access has to be restricted based on user lists. - Trey