Hi guys,
I'm still a newbie and don't know what the generally accepted practices are for achieving the following goal while keeping security in mind:
1. I want to run a web server where my friends can use my Linux box to host their web sites.
I'm planning on using virtual hosts in Apache to direct requests to different user directories in /home.
i.e.
www.blah.com --> /home/blah
www.foobar.com --> /home/foobar
I'd like it to be secure so that users don't have access to another user's directory or my root directories like /etc or /var, etc.
Preferably, I'd like some users to have shell access and all users to have FTP access to their directories (for now please pretend that the FTP protocol is secure; I will be switching to sftp or scp). I was looking at using chroot to keep users in their directories, but I've read that it's trivial to bust out. Then I read about chroot jails (from the Jail Chroot Project), which are better but take a lot of work to configure and to make sure they are secure.
Then I thought maybe I'll make it so that no users will have shell access, just FTP access, so they can administer their web sites. I would then use the DefaultRoot directive in ProFTPd to chroot the user into their home directory. I think this would be a safe option, but of course the user loses functionality because of no shell access.
Any other ideas? What's the best solution?
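
The setup described in the post, written out as configuration. This is an added example, not part of the original post; it uses the post's hostnames and paths and assumes Apache 2.4 directive syntax, port 80, and the file names given in the comments.

```apache
# --- Apache (assumed location: httpd.conf or a vhosts include file) ---

# Default deny for the whole filesystem, so no virtual host can serve
# /etc, /var or another location unless it is explicitly opened below.
# Options None also turns off symlink following and directory listings;
# both settings are inherited by the per-site sections.
<Directory "/">
    Require all denied
    AllowOverride None
    Options None
</Directory>

# www.blah.com --> /home/blah
<VirtualHost *:80>
    ServerName www.blah.com
    DocumentRoot "/home/blah"
    <Directory "/home/blah">
        Require all granted
        AllowOverride None
    </Directory>
</VirtualHost>

# www.foobar.com --> /home/foobar
<VirtualHost *:80>
    ServerName www.foobar.com
    DocumentRoot "/home/foobar"
    <Directory "/home/foobar">
        Require all granted
        AllowOverride None
    </Directory>
</VirtualHost>

# --- ProFTPD (assumed location: proftpd.conf) ---

# Chroot every FTP login into that user's own home directory.
DefaultRoot ~

# Let FTP-only accounts log in even when their shell is not in /etc/shells
# (the "no shell access, just FTP" variant from the post).
RequireValidShell off
```

DefaultRoot confines FTP sessions only; it does not restrict shell logins or what the Apache process itself can read.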