Best IT Recipes

Linux users and groups for the LAMP server

What is the best practice for setting up a LAMP server from the perspective of Linux users and groups? If there are several sites on the same server, is it better to have one user who owns all the source files (and downloads) of the site that are in the same group as apache, or have a different user for each site (so each site has its own crontab)? Or something else?

For some reason, this question is never covered in the PHP / MySQL / Linux books I've come across.

+6
linux php apache lamp
Oct 06 '08 at 15:17
source share
5 answers

On our platform, every htdocs site, etc. has own user. This means that if one site is hacked, others must be in order.

+1
Oct 06 '08 at 15:38
source share

If this is a small number of large sites, you may find that splitting your server into multiple virtual machines using something like Xen is a better option than just user splitting. This will improve the isolation of your sites and make it easier to move your site to your own equipment if it becomes much harder to use resources in the future than others.

+1
Oct. 06 '08 at 15:44
source share

I assume that you do not want to go crazy and get WHM for cPanel and you might want to do it inexpesnively.

I think it’s best for each user to access their space from their own username and group β€” especially if unrelated users can use the web server.

If you have more than 10 domains and users and you want the accounts to be divided in their own space, I would prefer to use Webmin with VirtualMin installed on the server. It easily copes with these problems as part of a free installation. Otherwise, you have to buy a commercial product or process everything manually - a real pain, but it can be done (not recommended for a commercial enterprise).

In addition, Xen and VMS can be excessive, but also not as easy to manage as Webmin / VirtualMin for 10-100 + accounts.

0
Oct 06 '08 at 18:40
source share

The best choice is to create VirtualHost for each domain using Apache with the suPHP module. Thus, each site will belong to the user and run with the rights of this user. The webroot of each site should be placed under the homedir user to prevent a local attack.

If you use the same user for each website, this means that the user from site A can access read / write to the website files.

0
Mar 02 '14 at 16:00
source share

For several years I was engaged in some kind of small hosting, and my answer: "It depends."

First of all, there is a difference between Apache Module (mod_php). CGI and FastCGI. A good list with all the pros and cons can be found here: Apache php modes

When it comes to security, all modes have pros and cons.

Since we occupied a relatively small number of domains with moderate traffic, I decided to stay with mod_php and use the vhost configuration.

I also used different FTP users for each vhost root directory (of course).

Configuring vhosts (one for each client) allows you to disconnect domains in a simple way, without making your way through the ridiculously large httpd.conf and creating errors on the way.

0
May 20 '14 at 19:05
source share


More articles:


All Articles