[drupal-devel] multihost chrooted apache

vlado vlado at dikini.net
Mon Sep 19 16:59:10 UTC 2005


On Mon, 2005-09-19 at 10:42 +0200, Bèr Kessels wrote:
> Hello,
> 
> I was wondering if any of you had experiences with a multisite environment on 
> apache, where apache runs in a chrooted vhost environment.
> 
> We want to give all hosted sites full UID1 permissions on drupal, meaning that 
> they are allowed (for example) to make PHP pages and blocks. 
> One day there will be a user that abuses that, or tries to root the server 
> with that. So we need to limit the abilities of the user running PHP/drupal.
> Each multisite will run on a single drupal multisite installation, but with 
> apache as a separate user. 

> It seems to work out fine, but I wonder if any of you people has more 
> experience with this, and knows if there are any oddities and quirks to be 
> expected.

Chrooted apache is tough, loads of issues until setup, afterwards is OK.
Not sure if what you just described makes a lot of sence though. There
is an opportunity to mess the permissions.

If you have full control of the host, why not trying usermode linux. You
will be able to run with little overhead a full "virtual server" for the
clients. With cow (copy on write) configured properly for the root
filesystem you will achieve similar benefits to what you described
above.





More information about the drupal-devel mailing list