I am in the process of migrating from a Windows system to a LAMP server (openSUSE 11), mostly for security reasons. I have all the web components up and running (Apache with PHP5 and MySQL) but I still have one major hurdle to overcome. It goes like this:
I have 3 sites hosted on the same server using name-based virtual hosts. They are (just for example):
served from /home/ian/public_html
Linux user ‘ian’ has required permissions on this directory
served from /home/dodgygeezer/public_html
Linux user ‘dodgygeezer’ has required permissions on this directory
served from /home/kmoore/public_html
Linux user ‘kmoore’ has the required permissions on this directory
In the current config it is possible for a PHP script run on ian.com to access files on either of the other two virtual hosts, and the same goes the other way around. Is it possible to prevent this? (I’m sure it must be.)
For example, can I force any requests for ian.com to be served with the permissions of user ian and any requests for www.twoburgers.com to be served with the permissions of user kmoore? This way the scripts would only be able to access files in their own user directories and not interfere with the other sites.
Each site has its own virtualhost section in httpd.conf, so could I configure it there? Or would it be a PHP configuration?
A bit more hunting around the web has led me to believe that I may need to use PHP differently with Apache (not as an Apache module, as I am at the moment) and a program called suEXEC.
This looks a bit complicated, so I would rather not pursue it if I’m barking up entirely the wrong tree. If this IS the correct way to go then learn it I must, and any help / suggestions would be greatly appreciated.
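
Added example, not part of the original post: one way to set a per-site limit inside each virtualhost section while PHP still runs as an Apache module, using PHP's open_basedir setting. The hostnames and document roots are the ones quoted in the post; the per-user tmp directories, the `*:80` listener and the `mod_php5.c` module name are assumptions.

```apache
# Added example, not the poster's configuration.
# Assumed: /home/<user>/tmp exists and is writable by the Apache user.

# Before: mod_php with no per-site limit. Every script runs as the single
# Apache user and can open any file that user can read, on any site.
#<VirtualHost *:80>
#    ServerName ian.com
#    DocumentRoot /home/ian/public_html
#</VirtualHost>

# After: PHP file functions on each site are confined to that site's tree.
<VirtualHost *:80>
    ServerName ian.com
    DocumentRoot /home/ian/public_html
    <IfModule mod_php5.c>
        # php_admin_value cannot be overridden from .htaccess or ini_set().
        # The trailing slash keeps the match on this directory itself,
        # so a sibling such as public_html_old is not included.
        php_admin_value open_basedir "/home/ian/public_html/:/home/ian/tmp/"
        # Uploads and sessions must live inside the allowed paths.
        php_admin_value upload_tmp_dir "/home/ian/tmp"
        php_admin_value session.save_path "/home/ian/tmp"
    </IfModule>
</VirtualHost>

<VirtualHost *:80>
    ServerName www.twoburgers.com
    DocumentRoot /home/kmoore/public_html
    <IfModule mod_php5.c>
        php_admin_value open_basedir "/home/kmoore/public_html/:/home/kmoore/tmp/"
        php_admin_value upload_tmp_dir "/home/kmoore/tmp"
        php_admin_value session.save_path "/home/kmoore/tmp"
    </IfModule>
</VirtualHost>
```

open_basedir only restricts PHP's own file functions; every script still executes as the same Apache user, so it is a path filter and not a permission boundary. Running each site under its own Linux user, as the post asks, requires PHP as CGI or FastCGI under suEXEC (the `SuexecUserGroup` directive) instead of the Apache module.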