Re: Apache security , Was: Running Apache sites as separate users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Thu, 29 Sep 2011 21:57:52 -0500
Trey Dockendorf <treydock@xxxxxxxxx> wrote:

> On Thu, Sep 29, 2011 at 9:35 PM, Lucian <lucian@xxxxxxxxxxx> wrote:
> 
> > On Fri, Sep 30, 2011 at 2:22 AM, Trey Dockendorf <treydock@xxxxxxxxx>
> > wrote:
> > > I had a recent request to improve security on my web servers by having
> > each
> > > website use a different user to run the hosting service.  
> ....
> 
> I'll give Suexec+fastcgi a look and mod_ruid.  Thanks for those
> suggestions

Also check http://mpm-itk.sesse.net/ . It's neat in a sense that users
don't have to fiddle with file permissions, but has a danger that a badly
written php code gives attacker access to all files that $USER owns.



-- 

Jure Pečar
http://jure.pecar.org
http://f5j.eu
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux