— Devrim's Tech Stuff


One way to keep your blog going should be writing about your day. Today, I think we have found a solution to what we have been looking for for months.

Suppose you have a shared web hosting environment where you create Unix users, and each of them should have access to their own files and their own files only. They have SSH, FTP and SFTP access to their folder, and they can create virtual hosts with web-roots within their home dir.

So you want to restrict each user and create a stable system.

For user restriction, your options are:

  • On PHP: Safe Mode, open_basedir, php_admin_flag disable exec
  • On Apache: CGI, SuExec, SuPHP, MPM-PERUSER, MPM-ITK
  • On Linux: Chroot, Rbash, Jailkit, SELinux, AppArmor, Grsecurity

I am not going to tell you why so many of them are not complete solutions to our problem because you can click here to read it.

Though, I am going to tell you the exact solution to this problem: use mpm-itk and Grsecurity and nothing from php.ini (forget about safe_mode; it was recently deprecated with PHP 5.3). So here is how:

  1. Create a distinct username and user group for each user (useradd -s /bin/false -m -d /user/mike mike)
  2. Make mpm-itk assign mike:mike to mike.domain.com
  3. Install GrSecurity
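
Steps 1 and 2 as a shell script, added here as an example rather than taken from the author's setup. The `public_html` web-root, the Apache config directory and the function names are assumptions; `AssignUserID` is mpm-itk's directive for setting the per-vhost user and group.

```shell
#!/bin/sh
# Added example: per-tenant Unix user plus an mpm-itk virtual host.
# Assumed (not from the post): public_html web-root, config dir, function names.
LC_ALL=C; export LC_ALL

# Accept only conservative usernames so nothing can be injected into the
# generated Apache config; never allow a vhost to be assigned to root.
valid_name() {
    case "$1" in
        ''|*[!a-z0-9_-]*|[!a-z_]*|root) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# Print the vhost for user $1 serving domain $2.
render_vhost() {
    user=$1 domain=$2
    valid_name "$user" || { echo "bad username: $user" >&2; return 1; }
    case "$domain" in
        ''|*[!a-z0-9.-]*) echo "bad domain: $domain" >&2; return 1 ;;
    esac
    # AssignUserID is deliberately NOT wrapped in <IfModule>: if mpm-itk is
    # missing, Apache refuses to start instead of silently serving every
    # tenant as the shared default user.
    cat <<EOF
<VirtualHost *:80>
    ServerName $domain
    DocumentRoot /user/$user/public_html
    AssignUserID $user $user
</VirtualHost>
EOF
}

# Create the account (step 1) and write its vhost (step 2). Run as root.
provision() {
    user=$1 domain=$2 conf_dir=${3:-/etc/apache2/sites-available}
    vhost=$(render_vhost "$user" "$domain") || return 1
    # useradd creates a same-named group by default on most distributions.
    useradd -s /bin/false -m -d "/user/$user" "$user" || return 1
    # Owner and group only: other tenants cannot list or read this home.
    chmod 750 "/user/$user" || return 1
    printf '%s\n' "$vhost" > "$conf_dir/$user.conf"
}

# Usage (as root): provision mike mike.domain.com
```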

The things that I haven’t mentioned are not good solutions. I can guarantee you that. You have enough keywords to do your own research.

Be happy and safe.
