>> I'm migrating a web server with a few sites from a CentOS based VPS >> with a DirectAdmin control panel to an Ubuntu Lucid server. I'm not >> incredibly bothered about losing the control panel, but I wondered if >> anyone had any advice on securing PHP scripts so that scripts owned by >> separate 'site owners' don't interfere with one and other. >> >> I've looked at suPHP & ITK-MPM but as I've not used either before I'm >> not sure of the pros and cons. >> >> Anyone out there running this kind of setup with any advice to offer? > > If you intend to run more than one site from this server, you might consider > installing webmin and virtualmin. It'll make this easier. > > Install the "apache2-suexec" package if all web files are under /var/www and > if > you want PHP scripts to run as the user (site owner). If your files will be > elsewhere, such as /home/domainname, install "apache2-suexec-custom" and > configure it for the appropriate root. > > You'll need to run PHP as cgi or fastcgi. That means no Apache PHP module, and > using the Apache worker or ITK MPM. > > Regards, > Tyler > Thanks again Tyler, I'm going to have to start paying you consultancy!
I'll do some reading up on this. I've not really had to worry about random users hosing a server with a dodgy php script before so it's great to have somewhere to start! Chris -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
