-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 19 Sep 2005, at 10:42 AM, Bèr Kessels wrote:
We want to give all hosted sites full UID1 permissions on drupal, meaning that they are allowed (for example) to make PHP pages and blocks. One day there will be a user that abuses that, or tries to root the server with that. So we need to limit the abilities of the user running PHP/drupal. Each multisite will run on a single drupal multisite installation, but with apache as a separate user.
Isn't apache using fastcgi a better idea ? That way you can run each apache process as the user account the site belongs to, and set the permissions to only allow them write access to their own sites dir. You will also only have 1 chrooted environment. Also, for security, I recommend setting the db username and password using setenv in the apache virtualhost . - -- Adrian Rossouw Drupal developer and Bryght Guy http://drupal.org | http://bryght.com -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (Darwin) iD8DBQFDLvGogegMqdGlkasRAgJPAJ98oDxqQlijYVFFE7vdEGJXOxDb3QCeMeu3 rGZfJtyuWfdphz9yP9Q4Axc= =1g5d -----END PGP SIGNATURE-----