Hello everyone I need some advice about running/installing Apache 1.3 with PHP 4.2 in safe mode (on Linux). I'm trying to determine the best way of managing several websites on one server. The requirements are that it should be as user friendly as possible but also secure (well then again that's what we all want isn't it :) ).
The basic concept of having users with ftp/shell access to their home directory and a special directory for web to which DocumentRoot of a virtual host on Apache points to is a bit unsuitable. The reason for this is that a lot of hosted web sites have content managers written in PHP, which means that files are being stored by the web server which later need to be displayed online. And if PHP runs in safe mode that becomes a problem since (per default) Apache runs as nobody/nobody and all the files uploaded therefore belong to the same user/group, meanwhile users have their own group (let's say users as in per default). The only possible way, that I thought of, to avoid this would be to make a special group for all www users, which would also include the user under which Apache would run under. For instance: Apache would run as user apache and would belong to group www, all the users would be user1, user2, user3... and would also belong to group www. But I have second thoughts about this since the apache daemon would potentially have more access than the default install (where apache runs under it's own user and group). I can't really think of any now, but I'm sure I overlooked something and would regret it in the long run (or would I?). Any suggestion on this topic and my problem would be greatly appreciated. I did read somewhere that Apache 2.0.x supports running child processes with different users/groups, which would fully eliminate my problem if I would upgrade from version 1.3.x (if that is true I could just define it to run under the same user/group as is the virtual host "owner"), and enable me to run in strict safe mode checks (and not "downgrade" to GID checks). Can anyone confirm that? Thanks in advance, Amadej. -- PHP Install Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
