On Mon, 2005-09-19 at 10:42 +0200, Bèr Kessels wrote:
Hello,
I was wondering if any of you had experiences with a multisite environment on apache, where apache runs in a chrooted vhost environment.
We want to give all hosted sites full UID1 permissions on drupal, meaning that they are allowed (for example) to make PHP pages and blocks. One day there will be a user that abuses that, or tries to root the server with that. So we need to limit the abilities of the user running PHP/drupal. Each multisite will run on a single drupal multisite installation, but with apache as a separate user.
It seems to work out fine, but I wonder if any of you people has more experience with this, and knows if there are any oddities and quirks to be expected.
Chrooted apache is tough, loads of issues until setup, afterwards is OK. Not sure if what you just described makes a lot of sence though. There is an opportunity to mess the permissions. If you have full control of the host, why not trying usermode linux. You will be able to run with little overhead a full "virtual server" for the clients. With cow (copy on write) configured properly for the root filesystem you will achieve similar benefits to what you described above.