>>> I'm migrating a web server with a few sites from a CentOS based VPS >>> with a DirectAdmin control panel to an Ubuntu Lucid server. I'm not >>> incredibly bothered about losing the control panel, but I wondered if >>> anyone had any advice on securing PHP scripts so that scripts owned by >>> separate 'site owners' don't interfere with one and other. >>> >>> I've looked at suPHP & ITK-MPM but as I've not used either before I'm >>> not sure of the pros and cons. >>> >>> Anyone out there running this kind of setup with any advice to offer? >> >> If you intend to run more than one site from this server, you might consider >> installing webmin and virtualmin. It'll make this easier. >> >> Install the "apache2-suexec" package if all web files are under /var/www and >> if >> you want PHP scripts to run as the user (site owner). If your files will be >> elsewhere, such as /home/domainname, install "apache2-suexec-custom" and >> configure it for the appropriate root. >> >> You'll need to run PHP as cgi or fastcgi. That means no Apache PHP module, >> and >> using the Apache worker or ITK MPM. >> >> Regards, >> Tyler >> > Thanks again Tyler, I'm going to have to start paying you consultancy! > > I'll do some reading up on this. I've not really had to worry about > random users hosing a server with a dodgy php script before so it's > great to have somewhere to start! > > Chris >
Here's the my current level of understanding! If anyone can fill in the gaps (or correct me if I'm wrong) I'd be really grateful. I can implement PHP as a cgi module and add security by using either suxec or suphp. suexec uses fastcgi and suphp uses cgi. Both basically allow PHP scripts to execute under the permissions of each specific shared hosting user rather than the web server user. mod-php however executes PHP scripts under the web server user account (which isn't good because those scripts can do whatever the web server user can...) By default Apache (in Ubuntu anyway) uses the prefork MPM which uses multiple processes and can only handle 1 thread per process (where a thread handles a request). You can use a worker MPM instead which again uses multiple processes, but can handle multiple threads for each process which makes for better performance and more efficient use of memory. You can't however use mod-php with a worker MPM. mod-php must be executed by the less efficient but default prefork MPM, and installing mod-php will force Apache to use prefork. By utilising PHP via cgi, you separate out script processing from serving web pages. This is good, because if you use the alternative mod-php method, each thread created to handle a process is spawned with the full PHP execution environment loaded even when serving static content. Where fastcgi or cgi are used, when Apache needs a script processing, it sends it off to the cgi server which processes and sends the result back to Apache for Apache to return to the tinterweb! What I'm still hazy on is this: cgi is slower than fastcgi because it (a bit like prefork MPM) has one process per thread (whereas fastcgi can service multiple requests with one process). However...... we want each virtual host to have its own waiting fastcgi process (to separate out script execution to enhance security) standing by to execute PHP scripts. How do we do that? Thanks, Chris -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
