[drupal-devel] multihost chrooted apache

Adrian Rossouw adrian at bryght.com
Mon Sep 19 17:13:20 UTC 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On 19 Sep 2005, at 10:42 AM, Bèr Kessels wrote:
>
> We want to give all hosted sites full UID1 permissions on drupal,  
> meaning that
> they are allowed (for example) to make PHP pages and blocks.
> One day there will be a user that abuses that, or tries to root the  
> server
> with that. So we need to limit the abilities of the user running  
> PHP/drupal.
> Each multisite will run on a single drupal multisite installation,  
> but with
> apache as a separate user.

Isn't apache using fastcgi a better idea ?


That way you can run each apache process as the user account the site  
belongs to, and set the permissions to only allow them write access  
to their own sites dir.

You will also only have 1 chrooted environment.


Also, for security, I recommend setting the db username and password  
using setenv in the apache virtualhost .


- --
Adrian Rossouw
Drupal developer and Bryght Guy
http://drupal.org | http://bryght.com


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFDLvGogegMqdGlkasRAgJPAJ98oDxqQlijYVFFE7vdEGJXOxDb3QCeMeu3
rGZfJtyuWfdphz9yP9Q4Axc=
=1g5d
-----END PGP SIGNATURE-----



More information about the drupal-devel mailing list