[ubuntu-uk] PHP security
christopherrowson at gmail.com
Fri Jun 11 00:00:17 BST 2010
>> I'm migrating a web server with a few sites from a CentOS based VPS
>> with a DirectAdmin control panel to an Ubuntu Lucid server. I'm not
>> incredibly bothered about losing the control panel, but I wondered if
>> anyone had any advice on securing PHP scripts so that scripts owned by
>> separate 'site owners' don't interfere with one another.
>> I've looked at suPHP & ITK-MPM but as I've not used either before I'm
>> not sure of the pros and cons.
>> Anyone out there running this kind of setup with any advice to offer?
> If you intend to run more than one site from this server, you might consider
> installing webmin and virtualmin. It'll make this easier.
> Install the "apache2-suexec" package if all web files are under /var/www and if
> you want PHP scripts to run as the user (site owner). If your files will be
> elsewhere, such as /home/domainname, install "apache2-suexec-custom" and
> configure it for the appropriate root.
> You'll need to run PHP as CGI or FastCGI. That means no Apache PHP module, and
> using the Apache worker or ITK MPM.
Thanks again Tyler, I'm going to have to start paying you consultancy!
I'll do some reading up on this. I've not really had to worry about
random users hosing a server with a dodgy PHP script before so it's
great to have somewhere to start!
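
The suexec plus FastCGI arrangement described in the quoted reply, sketched as an added example that is not part of the original thread. It assumes apache2-suexec-custom and mod_fcgid are installed and the Apache PHP module is disabled; the site owner "alice", the hostname and every path under /home/alice are hypothetical.

```apache
# Added example, not from the thread. "alice" and all /home/alice paths are hypothetical.
#
# apache2-suexec-custom reads its limits from /etc/apache2/suexec/www-data
# (named after the user Apache runs as). That file holds two lines:
#   /home                  <- root under which suexec agrees to execute anything
#   public_html/cgi-bin    <- userdir suffix
#
# The wrapper referenced below is a small script, for example
#   #!/bin/sh
#   exec /usr/bin/php-cgi
# suexec refuses to run it unless it is owned by alice:alice, lives under the
# root set above, and neither the file nor its directory is writable by
# group or other.

<VirtualHost *:80>
    ServerName alice.example.com
    DocumentRoot /home/alice/public_html

    # CGI/FastCGI processes for this vhost run as the site owner rather than
    # www-data, so one owner's script cannot read or write another owner's files
    # (provided the files themselves are not world-readable or world-writable).
    SuexecUserGroup alice alice

    <Directory /home/alice/public_html>
        Options +ExecCGI
        AddHandler fcgid-script .php
        # Hand .php requests to the per-user wrapper through mod_fcgid.
        FcgidWrapper /home/alice/fcgi-bin/php-wrapper .php
        # Apache 2.4 syntax; on Apache 2.2 use "Order allow,deny" and "Allow from all".
        Require all granted
    </Directory>
</VirtualHost>
```

When suexec rejects a request, the reason is written to its own log (on Debian and Ubuntu, /var/log/apache2/suexec.log), which is the first place to look when a site returns a 500 after the switch.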