Secure Apache Site Permissions
Question
I saw a recommendation in an article on website security that separate websites running on a web server should be running under separate users for containment, and to limit a breach on one site leading to infection of the other sites.
I am running an Ubuntu 20.04 LAMP server with public internet exposed personal websites. They are set up as virtual hosts in Apache under /var/www/, but all are running using the standard www-data:www-data user and group. How would it work to run them under different user accounts?
Do I simply create a new user & group, then chown the /var/www/directory to be owned by that user? How would that work with allowing Apache permissions to write to the sub-dirs then for patches, uploads, etc?
1 answers
solution1
0 ACCPTED 2021-01-24 23:11:34
Apache has it's own user and group (www-data or others according to the distribution it's runnin on). To achieve what you want, you need to create a user for each virtualhost and make sure apache can read/write file/folders owned by this new user for example putting apache group into the new user's group (or the other way around, according to how you want to handle permissions).
The logic "behind" is exactly the same you use to handle linux users and group permissions.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.