On Wed, 2 May 2007, Dan Mensom wrote:
Has anyone set up any form of apache user isolation on CentOS? I
have multiple virtual hosts on my machine, run by users who do not
trust eachother. The problem is that any php script run by apache is
able to do things like raw file io on other users' .htpasswds, php
scripts, hidden directory listings, and so on. Database passwords
can even be divulged in this way, since they are often stored in
.php scripts, which can be read "in the raw" as files by other php
scripts.
What is the easiest method for dealing with this? I found
http://webauth.stanford.edu/manual/mod/perchild.html but it does not
seem to be compiled with the CentOS 5 apache, and I've read
elsewhere that php has issues with mutlithreaded apache. Is there
any easy way to isolate individual users, by either having apache
setuid, or chrooting php scripts, or (ugh) a clean way to run a new
apache copy for each vhost?
One "using a canon to kill a fly" approach would be
* each vhost runs Apache under a vhost-specific uid/gid and
bound only to the loopback interface on a port you
assign, e.g.,
vhost01 -- User vhost01, Group vhost01, Listen 127:0.0.1:6001
vhost01 -- User vhost02, Group vhost02, Listen 127:0.0.1:6002
* the main apache does little but reverse proxy all the
vhosts out to the Internet.
<VirtualHost *:80>
ServerName vhost01.domain
ProxyRequests Off
ProxyPass / http://localhost:6001/
ProxyPassReverse / http://localhost:6001/
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
</VirtualHost>
Given the right file permissions, no vhost would have access to
another except via HTTP.
Downside: You're essentially doubling the number of Apache processes
on your system. Another Upside: Configuration blunders in the vhosts
won't throw errors in your main server process.
--
Paul Heinlein <> heinlein@xxxxxxxxxx <> http://www.madboa.com/
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
