[CentOS] Apache security, Was: Running Apache sites as separate users

Fri Sep 30 02:57:52 UTC 2011
Trey Dockendorf <treydock at gmail.com>

On Thu, Sep 29, 2011 at 9:35 PM, Lucian <lucian at lastdot.org> wrote:

> On Fri, Sep 30, 2011 at 2:22 AM, Trey Dockendorf <treydock at gmail.com> wrote:
> > I had a recent request to improve security on my web servers by having each
> > website use a different user to run the hosting service.  So example1.com
> > has its own Apache instance running as apache1 and then example2.com has
> > its own instance of Apache as apache2.  Is this even possible or realistic?
> > I understand the idea of how that would be secure, much like creating a
> > virtual machine to segregate services.  The only way I can think how this
> > is done is to chroot each website.  What makes this request even stranger
> > is that each website will be managed by the same and code base.  So with
> > that being the case, I don't see how this is possible.  Any ideas or
> > insight are very welcome.
> Is there a specific requirement to run different http servers? Because
> if there is not then you can just use Suexec+fastcgi.
> Otherwise, just use Apache to proxy stuff to backend servers (can be
> anything from apache to nginx).

I do not know the exact reasoning for wanting each website to be run by
a separate Apache process that has its own user.  Likely it's a
misunderstanding of actual threats to websites, or using an IIS mindset to
set requirements for Apache.

I'll give Suexec+fastcgi a look and mod_ruid.  Thanks for those suggestions.

While on the subject of Apache security... Another request / idea was to have
this CMS under development write user controls to .htaccess files to
restrict download access to directories.  Typically if I even allow any
overrides, I set it so apache can only read .htaccess.  My understanding of
the more obvious implications is that if the web server can write to
.htaccess so can any attacker, and then can easily inject malware or
redirect the site to malicious content.  Is there ever a case where it's
safe to allow write access by apache to .htaccess?  Does the below config
for .htaccess in httpd.conf protect from this at all if write permissions
were given on the file system?

<Files ~ "^\.htaccess">
    Order allow,deny
    Deny from all
    Satisfy All
</Files>

Personally I think that the CMS should handle authorization, and then
possibly rely on Apache for authentication.  In the case of this CMS it will
be authenticating against a campus SSO through CAS, but access has to be
restricted based on user lists.

- Trey
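
An added example, not part of the original message: the `<Files>` block above controls what httpd serves over HTTP, while whether the httpd account can change `.htaccess` is decided by filesystem permissions, so this sketch audits a docroot for `.htaccess` files and directories that a given account could modify. The function names, the constructed sample tree and the assumption that the web server account falls under the "other" permission bits are all illustrative.

```python
import os
import tempfile

W, WX = 0o2, 0o3  # write; write+search (needed to create/replace entries in a dir)

def mode_allows(st, uid, gids, want):
    """Classic Unix mode-bit check for one account (ignores ACLs, SELinux, root)."""
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return ((st.st_mode >> shift) & want) == want

def audit_htaccess(docroot, uid, gids):
    """List (path, reason) wherever the account could alter a .htaccess file."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        if mode_allows(os.stat(dirpath), uid, gids, WX):
            findings.append((dirpath, "directory writable: .htaccess can be created or replaced"))
        path = os.path.join(dirpath, ".htaccess")
        if ".htaccess" in files and os.path.isfile(path):
            if mode_allows(os.stat(path), uid, gids, W):
                findings.append((path, "file writable in place"))
    return findings

def build_demo_tree():
    """Constructed sample docroot: one safe dir, one writable file, one writable dir."""
    root = tempfile.mkdtemp(prefix="docroot-")
    layout = {"safe": (0o755, 0o644), "cms": (0o755, 0o666), "uploads": (0o777, None)}
    for name, (dmode, fmode) in layout.items():
        d = os.path.join(root, name)
        os.mkdir(d)
        if fmode is not None:
            f = os.path.join(d, ".htaccess")
            with open(f, "w") as fh:
                fh.write("Require valid-user\n")
            os.chmod(f, fmode)
        os.chmod(d, dmode)
    os.chmod(root, 0o755)
    return root

if __name__ == "__main__":
    root = build_demo_tree()
    # Assumption: the web server account is not the file owner and shares no
    # group with it, so the "other" permission bits apply to it.
    other_uid = os.getuid() + 1
    for path, reason in audit_htaccess(root, other_uid, set()):
        print(f"{os.path.relpath(path, root)}: {reason}")
```

On a real host, pass the uid and group ids of the account httpd runs as; a writable parent directory is reported even when the file itself is read-only, because the file can then be replaced.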