LinuxQuestions.org
Old 06-29-2010, 12:22 PM   #1
Spetnik
Apache: Multiple VirtualHosts - Security Considerations


If I have two VirtualHosts on my Apache server, how would I configure the security so that a script on one site cannot access files outside of its root directory? I do not want one customer's code to have the ability to read or write another customer's files.

Thanks
AJS
 
Old 06-29-2010, 12:40 PM   #2
smoker
If you create a separate user for each virtual site, then by default, any script running on one site will not have permission to access any other sites, because it will be running as that user.

For example, I have 10 virtual hosts running, and 10 users.

site1 user1
site2 user2
site3 user3
etc

Set up the virtual host so that its document root is inside the user's home directory:

Code:
<VirtualHost *:80>

        ServerName www.domain1.com
        ServerAlias domain1.com
        ServerAdmin me@domain1.com
        DocumentRoot /home/user1/domain1/www/html
        RewriteEngine on

        <Directory /home/user1/domain1/www/html/>
                Allow from all
                AllowOverride All
                Order allow,deny
        </Directory>

        SetEnv SITE_ROOT /home/user1/domain1
        SetEnv SITE_HTMLROOT /home/user1/domain1/www/html

</VirtualHost>

<VirtualHost *:80>

        ServerName www.domain2.com
        ServerAlias domain2.com
        ServerAdmin me@domain2.com
        DocumentRoot /home/user2/domain2/www/html
        RewriteEngine on

        <Directory /home/user2/domain2/www/html/>
                Allow from all
                AllowOverride All
                Order allow,deny
        </Directory>

        SetEnv SITE_ROOT /home/user2/domain2
        SetEnv SITE_HTMLROOT /home/user2/domain2/www/html

# cgi configuration
        ScriptAlias /cgi-bin/ /home/user2/domain2/www/cgi-bin/
        <Directory /home/user2/domain2/www/cgi-bin/>
                Options +ExecCGI
                AddHandler cgi-script cgi pl
                AllowOverride All
        </Directory>
        SetEnv SITE_CGIROOT /home/user2/domain2/www/cgi-bin

</VirtualHost>

Last edited by smoker; 06-29-2010 at 01:00 PM.
 
Old 06-29-2010, 12:41 PM   #3
Spetnik
Thanks!
 
Old 06-29-2010, 01:02 PM   #4
smoker
That's ok.
That config works perfectly on Apache 2.0, but you may need to check it on 2.2.
It should be fine though. Not much changed outwardly (that I found anyway), other than defaulting to putting virtual hosts in include files instead of the main httpd.conf.
 
Old 06-29-2010, 04:50 PM   #5
Spetnik
Ok, thanks. It looks like it works. What about access to other directories, though (not under /home)? The user can still read most files on the server via "fopen()" in php. Is there any way to block that?

Thanks
AJS
 
Old 06-29-2010, 10:24 PM   #6
smoker
Disable it in php.ini?
Also run with safe_mode on, but this is deprecated.
http://www.php.net/manual/en/ini.sect.safe-mode.php

You could add a line to each virtual host:

Code:
<Directory /home/user1/domain1/www/html/>
        Allow from all
        AllowOverride All
        Order allow,deny
        php_admin_value open_basedir /home/user1/domain1/www/html
</Directory>

Or add the following to php.ini:

Code:
disable_functions = readfile,system

But I'm no php expert.
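
Added example, not part of smoker's post: a POSIX shell/awk check that reads Apache configuration on stdin and reports, for each VirtualHost, whether the open_basedir line suggested above is present. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: report each VirtualHost and whether it sets open_basedir.
# Reads Apache config text on stdin; prints "<ServerName> <status>" per vhost.
check_open_basedir() {
    awk '
        # Apache directive names are case-insensitive, so match on a lowercased copy.
        { line = $0; sub(/^[ \t]+/, "", line); low = tolower(line) }
        low ~ /^#/ { next }                       # skip comment lines
        low ~ /^<virtualhost[ \t>]/ {
            in_vh = 1; name = "(no ServerName)"; basedir = ""; next
        }
        in_vh && low ~ /^servername[ \t]/ {
            split(line, f, /[ \t]+/); name = f[2]; next
        }
        in_vh && low ~ /^php_admin_value[ \t]+open_basedir[ \t]/ {
            split(line, f, /[ \t]+/); basedir = f[3]; next
        }
        low ~ /^<\/virtualhost>/ {
            if (in_vh) print name, (basedir != "" ? "open_basedir=" basedir : "MISSING")
            in_vh = 0
        }
    '
}

# Constructed sample: domain1 carries the open_basedir line, domain2 does not.
sample_conf() {
cat <<'EOF'
<VirtualHost *:80>
        ServerName www.domain1.com
        DocumentRoot /home/user1/domain1/www/html
        <Directory /home/user1/domain1/www/html/>
                php_admin_value open_basedir /home/user1/domain1/www/html
        </Directory>
</VirtualHost>
<VirtualHost *:80>
        ServerName www.domain2.com
        DocumentRoot /home/user2/domain2/www/html
</VirtualHost>
EOF
}

sample_conf | check_open_basedir
```

On a real server, feed it the file that holds the virtual hosts, for example `check_open_basedir < httpd.conf`.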
 
Old 06-30-2010, 05:04 PM   #7
Spetnik
Hmmm, it seemed to work fine on my development box, but now on the production server it does not seem to be working. Any user is able to write a simple PHP script and they can view the files and directories of all other users. I noticed that the user directories have o+rx access, but if I remove the o+r or o+x access from the user directories, then their sites do not load at all.

Any ideas?

Thanks
AJS
 
Old 06-30-2010, 09:20 PM   #8
frndrfoe
I am having trouble understanding this and would love to understand it better because it may solve some problems for me.

Are you saying that under this setup, the scripts called by the web server will run as the user who owns these home directories instead of the user that runs apache? (wwwrun, apache, ...)

It's entirely possible that I am misunderstanding the goal here.

Last edited by frndrfoe; 06-30-2010 at 09:21 PM.
 
Old 06-30-2010, 10:17 PM   #9
smoker
The script runs as whoever called it. It is the individual user's responsibility to set the correct permissions.
In the case of the virtual hosts, if they were all under one user (apache for instance), then it would be impossible to separate one host's files from another, permission-wise. Hence having separate user directories. Each user can set permissions as they require. If a file or directory is not world readable then apache can't read it.
 
Old 06-30-2010, 10:37 PM   #10
frndrfoe
OK, that is what I thought.
I would like to some day figure out how to run multiple instances of Trac using virtual hosts while providing some sort of security but I don't think it is possible since the web server user has to be able to write to the svn repos.

http://trac.edgewall.org/
 
Old 07-01-2010, 01:07 AM   #11
Spetnik
I am sorry for the confusion. This is my setup: I have moved all of the web directories to /home/userx/ (with userx being the owner of the site). The permissions on the user directories (and the subsequent subdirectories and files) are rwx-r-xr-x and they are owned by the owner and group of the respective site. How can I set the permissions so that these users will not be able to see each other's files (and, if possible, user directories as well)?


Thanks
AJS

Last edited by Spetnik; 07-01-2010 at 01:09 AM.
 
Old 07-01-2010, 07:10 AM   #12
Hangdog42
Quote:
The permissions on the user directories (and the subsequent subdirectories and files) are rwx-r-xr-x and they are owned by the owner and group of the respective site.

The biggest problem is that you've got them world readable, and worse, world executable. What you probably want to do is set the permissions to 750 so that only owner and group have access and then you want to change the group ownership so that the apache group is allowed access rather than the user's group. So essentially you'll end up with those directories as rwx-r-x--- owner:apache.
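
Added example, not part of the post above: a POSIX shell sketch that applies the suggested layout (no access for "other", group handed to the web server) and then verifies that nothing under the site is still world-accessible. The function names and the demo tree are constructed; "apache" as the group name is taken from the post and may differ on your distribution.

```shell
#!/bin/sh
# Added example: apply and verify the "750, group = web server" layout.

# List every entry under a site directory that "other" can read, write or enter.
audit_world_access() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Strip all "other" bits; optionally hand group ownership to the web server
# group (chgrp needs root, or an owner who is a member of that group).
lock_down_site() {
    site_dir=$1
    web_group=${2:-}
    if [ -n "$web_group" ]; then
        chgrp -R "$web_group" "$site_dir" || return 1
    fi
    # o-rwx turns 755 directories into 750 and 644 files into 640.
    chmod -R o-rwx "$site_dir"
}

# Constructed demo tree standing in for /home/user1/domain1 (755 dirs, 644 files).
make_demo_site() {
    demo=$(mktemp -d) || return 1
    mkdir -p "$demo/www/html"
    echo '<?php echo "hi";' > "$demo/www/html/index.php"
    chmod 755 "$demo" "$demo/www" "$demo/www/html"
    chmod 644 "$demo/www/html/index.php"
    echo "$demo"
}

site=$(make_demo_site)
echo "before: $(audit_world_access "$site" | wc -l) world-accessible entries"
lock_down_site "$site"      # on a real server, as root: lock_down_site DIR apache
echo "after:  $(audit_world_access "$site" | wc -l) world-accessible entries"
rm -rf "$site"
```

This keeps other shell accounts out of the tree; anything executed by the web server process itself still has the apache group's access, which is the point the next reply raises.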
 
Old 07-01-2010, 10:54 AM   #13
smoker
It doesn't matter if the directory is world readable. It's the files inside that matter, and whenever I create a file as a user, it is automatically set up as 664. If I don't want other users, including apache, to read it I chmod it 660. It is really no different than normal user permissions. If you want to completely isolate each site from each other, then you will have to chroot jail each user, or go down the VPS route.

The problem with having apache as the owner is that you can't separate permissions from one site to the next. If apache has permission, then it has permission. How do you stop one site's scripts from accessing another site's files, when apache is the common denominator?
 
  

