[drupal-devel] multihost chrooted apache

Adrian Rossouw adrian at bryght.com
Mon Sep 19 17:13:20 UTC 2005

Hash: SHA1

On 19 Sep 2005, at 10:42 AM, Bèr Kessels wrote:
> We want to give all hosted sites full UID1 permissions on drupal,  
> meaning that
> they are allowed (for example) to make PHP pages and blocks.
> One day there will be a user that abuses that, or tries to root the  
> server
> with that. So we need to limit the abilities of the user running  
> PHP/drupal.
> Each multisite will run on a single drupal multisite installation,  
> but with
> apache as a separate user.

Isn't apache using fastcgi a better idea ?

That way you can run each apache process as the user account the site  
belongs to, and set the permissions to only allow them write access  
to their own sites dir.

You will also only have 1 chrooted environment.

Also, for security, I recommend setting the db username and password  
using setenv in the apache virtualhost .

- --
Adrian Rossouw
Drupal developer and Bryght Guy
http://drupal.org | http://bryght.com

Version: GnuPG v1.2.4 (Darwin)


More information about the drupal-devel mailing list