LinuxQuestions.org


danielinirving 01-30-2010 12:29 PM

Proper security settings for virtual hosting of domains?
 
I have a CentOS 5 server in which I use Virtual Hosting and each domain has its own user/pass for login to upload files.

The path is /var/www/vhosts/[domain name]/httpdocs/

What I'm attempting is setting up the creation of the [domain name] folder from an administration backend under PHP, which I am developing. What I'm worried about is if I allow PHP to run command line commands such as mkdir, then what is stopping anyone from doing the same from their PHP files on my server?

What is the best way to properly set up my server to allow automated creation of the domain structure within my folder system?

I hope I explained that well enough.. if not, please inquire for further answers.

Web31337 01-30-2010 05:36 PM

Your task is simple. Deny all PHP functions related to shell access and process management. Remove unwanted extensions from the PHP that will serve websites. Run the web server (PHP) under minimal privileges: a separate user account with no shell and a non-existent home directory. Make sure nothing else runs as the webserver user, and that the webserver cannot write any configs.
Use open_basedir in PHP for each host.

And last, if you are using a PHP backend for that, you must be running that under root? Don't do that. In fact, you'd better create a simple shell script that will write webserver configs, create directories and base files for hosting. If you are going to allow clients to manage their vhosts, that would be quite a different story which I most likely can't really tell you because I never messed with it.

Googling also helps. My answer may not be interpreted as a full solution; I may miss some things. Actually, I only described what's needed, you'd have to work it out yourself, according to your webserver and system configuration.

If you have further questions, post them back here, I'm sure I can help you with some exact problem.

danielinirving 01-31-2010 01:58 PM

Thanks, that is a good start. My webserver runs as apache:apache and not root so that knocks that out. I now have a starting point. If I run into any snags, I'll be sure to come back and see if there is any more knowledge I can extract from here that can't be found on Google. :D

Web31337 01-31-2010 10:51 PM

In that case, as I mentioned, edit the apache user to disable shell and home directory. Make sure the home directory and client directories are owned by a user other than 'apache', and then you can start configuring PHP.
List of functions I recommend to disable with apache+mod_php: eval, exec, passthru, popen, proc_open, shell_exec, system
but it's not a complete list. You should write it globally in your php.ini's disable_functions directive.
Make sure you don't have posix functions enabled; if you have, better rebuild PHP with --disable-posix. These functions are potentially dangerous because they reveal information about your system and users.
I personally never built PHP for apache, but I guess there is an option somewhere in the config script allowing you to disable apache_* functions. They can also be misused, so either try to remove them at the build stage or deny them all in php.ini like those in the list above. These functions can be found here: http://ru.php.net/manual/en/ref.apache.php
It's recommended to disable sockets and fsockopen function.
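
A sketch of the kind of provisioning shell script suggested in the first reply, added here as an example and not written by anyone in the thread: it validates the domain name against a strict whitelist before touching the filesystem, creates /var/www/vhosts/[domain name]/httpdocs/ owned by a user other than apache, and writes a per-host open_basedir. The function names, the VHOST_ROOT, CONF_DIR and WEB_GROUP variables, the 750 mode and the config file name are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. VHOST_ROOT, CONF_DIR, WEB_GROUP and
# the function names are assumptions; adjust them to the real layout.
export LC_ALL=C                       # make a-z mean ASCII letters only
VHOST_ROOT="${VHOST_ROOT:-/var/www/vhosts}"
CONF_DIR="${CONF_DIR:-/etc/httpd/conf.d}"
WEB_GROUP="${WEB_GROUP:-apache}"

# Whitelist check: only lowercase DNS names pass, so "/", "..", spaces,
# ";" and newlines can never reach mkdir or the config file.
valid_domain() {
    d=$1
    if [ -z "$d" ] || [ "${#d}" -gt 253 ]; then return 1; fi
    case "$d" in
        *[!a-z0-9.-]*)   return 1 ;;  # character outside the whitelist
        .*|*.|-*|*-)     return 1 ;;  # leading/trailing dot or hyphen
        *..*|*.-*|*-.*)  return 1 ;;  # empty label or hyphen at a label edge
        *.*)             return 0 ;;  # at least two labels
    esac
    return 1
}

# make_vhost DOMAIN [OWNER]  -> 0 ok, 2 bad input, 3 already exists
make_vhost() {
    domain=$1 owner=$2
    valid_domain "$domain" || { echo "rejected domain name" >&2; return 2; }
    case "$owner" in *[!a-z0-9_-]*) echo "rejected owner" >&2; return 2 ;; esac
    if [ -e "$VHOST_ROOT/$domain" ]; then echo "already exists" >&2; return 3; fi
    docroot="$VHOST_ROOT/$domain/httpdocs"
    mkdir -p "$docroot" || return 1
    chmod 750 "$VHOST_ROOT/$domain" "$docroot" || return 1
    # Client owns the tree; the web server only gets group read access.
    if [ -n "$owner" ]; then
        chown -R "$owner:$WEB_GROUP" "$VHOST_ROOT/$domain" || return 1
    fi
    # Per-host PHP jail: the trailing slash limits access to this directory.
    cat > "$CONF_DIR/vhost-$domain.conf" <<EOF
<VirtualHost *:80>
    ServerName $domain
    DocumentRoot $docroot
    php_admin_value open_basedir $docroot/
</VirtualHost>
EOF
}

# Run only when called with arguments; sourcing the file just defines functions.
if [ "$#" -gt 0 ]; then make_vhost "$@"; fi
```

The PHP backend then only needs to hand a domain name to this script rather than run mkdir itself, and the script refuses anything that is not a plain hostname.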


All times are GMT -5.