5

How can I configure my User/Group/Permission setup for shared webhosting on linux to prevent permission between webserver and user accounts?

view full story
linux-howto

http://serverfault.com – I have one Linux LAMP webserver (Ubuntu) with some websites on it. They all run within the same apache2 instance and are accessible by different vhosts. Most of them are run by myself, but I also have some friends websites hosted there. I want and use to have separate user accounts for different websites to manage files, cronjobs etc. The webserver runs as www-data. Now most of the files/directories don't require write permissions by the website, but some do. I am okay with separately setting those to writable with the user I use to manage the files. In fact i prefer it that way. Howeve (HowTos)

xskl's picture
Submitted by xskl on 02/26/2012 – Made popular on 02/26/2012

Stories similar to How can I configure my User/Group/Permission setup for shared webhosting on linux to prevent permission between webserver and user accounts?

Hi guys,

cPanel have a major security risk regarding how php handler is configure: DSO or suPHP.

As DSO configuration the risk is the hacker can access to the webserver folder of all users, because the PHP is executed with nobody permissions for all accounts.

As suPHP the webserver is execute with the user account permissions, so it can access to mail folder.

I think the best way is the suPHP

Securing iis 8 nt permissions 19 weeks 5 days ago

I have an win2012/IIS 8 webserver which I am trying to secure.

I have a RedHat Linux webserver with 64GB Ram and a 500GB Harddisk. I am running a webserver with 10 websites.

I have no problem with 9 of the websites. One of the website just loads slower than the others. I have seen the top output and it does not show any discrepancies.

How do I check !

Hello, I'm working on moving accounts from an old cPanel server to a new one. The thing is, only few accounts are actually using it as a webserver, most are just using the email and dns functions.

I always gave to the webserver user full permissions on these dirs:

cache/ logs/ web/uploads/

But now I am wondering if the uploads part is 0K. I was thinking that maybe it would be better if I use a .tmp file for each upload, and then put them in a queue to be moved to uploads/, and do the same for deletions (the queue will be read and validated by a different user).

Is there a command that allows a user to temporarily have root permissions but files and directories created by the user still reflects the user rather than root?

For example, I have a user that needs to install some software (Glassfish), but the self-extracting installer returns an error "permission denied".

Guys, i wanna get any user files with write permission (on user or group permission) for review but i confuse with -perm parameter. any body can help me to explain what is that mean?

thank's

I'm managing multiple websites, most based on WordPress and all are based on LAMP stack. I'm moving all my websites to Amazon cloud. I'm new to AWS and my plan is moving 1 website by one, starting with my smallest website.

My question is should I put all my site on 1 EC2 instance and or 1 website on 1 separate instance?

This probably sounds stupid since anyone would definitely choose the l

What is the correct way to set up directories to allow user uploads on Linux? My websites upload dir is 755, but Linux naturally doesn't let files be written to this directory except by the user. So should I change the directory to 777 or do some kind of group manipulation? Bare in mind, I don't want to open myself up to any security risks.