Re: Running Apache sites as separate users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 09/30/2011 03:31 AM, John R Pierce wrote:
> On 09/29/11 6:22 PM, Trey Dockendorf wrote:
>> I had a recent request to improve security on my web servers by having each
>> website use a different user to run the hosting service.  So
>> example1.comhas it's own Apache instance running as apache1 and then
>> example2.com has its own instance of Apache as apache2.  Is this even
>> possible or realistic?  I understand the idea of how that would be secure,
>> much like creating a virtual machine to segregate services.  The only way I
>> can think how this is done is to chroot each website.  What makes this
>> request even stranger is that each website will be managed by the same CMS
>> and code base.  So with that being the case, I don't see how this is
>> possible.  Any ideas or insight are very welcome.
>
> afaik, its only possible to use multiple instances of apache if you have
> multiple IP addresses, each one bound to a different address, or use
> different ports for each site (which would require specifying the :port
> as part of the URL)
>
> I'd strongly question the rationale behind this request.  sounds like
> half-thinking to me.

I wonder if SELinux/sVirt can be used for something like this. sVirt was 
created to isolate running virtual machine instances from one another. 
Something similar should be possible for virtual hosts at least in theory.

Regards,
   Dennis
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux