
I would like to run many VHOSTS with my lighttpd webserver.

I don't know how to chroot each vhost.

At the moment all the vhosts can read files owned by other vhosts, I don't think it's really sure!

Is there something you could advise?

At the moment, for each vhost I create a new user, like:

website1.com:lighttpd
website2.com:lighttpd
website3.com:lighttpd

So a different user with the same group (lighty runs with lighttpd:lighttpd permissions).

Caleb
Damiano
  • Perhaps you can do it the other way around, create user and group website1, and make user lighttpd be part of each website group. That will make lighty be able to utilize the group permissions, but not the other website-users – 3molo Apr 26 '11 at 09:17

1 Answer

If website1.com, website2.com, ... and so on are not members of the lighttpd group and you set the permissions with chmod u+rwx,g+rX,g-w,o-rwx (so file permissions will be rwxr----- and directories rwxr-x---), users of each vhost shouldn't be able to access each other's files.

pconcepcion
  • So for you, is this implementation better, or ACL? Thank you so much! – Damiano Apr 26 '11 at 09:25
  • @Damiano, well... ACL gives you more **fine grained** permissions... so in a way it's more flexible, and you can set more precisely **who can do what**. If your setup needs this kind of selection, that would be a better approach; if not, traditional unix permissions are well known and work fine. – pconcepcion Apr 26 '11 at 09:35
  • Thank you very much! I'm trying ACL, I think they are good for my scope and, as you said, more flexible. I don't think it will touch the server performance, right? – Damiano Apr 26 '11 at 09:58
  • @Damiano, you are welcome. As ACL is a more **complex system**, it is expected to have some **impact on performance**. A **quick search** took me to [this](http://www.suse.de/~agruen/acl/linux-acls/online/) where you can see some numbers on **Linux ACL performance**. Anyway, if you can, the best is to run **your own benchmarks** and see the impact it has on **your setup**. – pconcepcion Apr 26 '11 at 10:14
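
The mode string from the answer, applied to a docroot and then audited for leftover access, as an added example that is not part of the original thread. The function names (`lock_vhost`, `audit_vhost`, `make_sample`) are hypothetical and the directory tree is constructed sample data.

```shell
#!/bin/sh
# Added example, not from the thread. The mode string is the one from the
# answer; the directory layout below is constructed sample data.

# lock_vhost DIR: apply the answer's mode string to a whole docroot.
lock_vhost() {
    chmod -R u+rwx,g+rX,g-w,o-rwx -- "$1"
}

# audit_vhost DIR [GROUP]: print paths under DIR that break the scheme:
#   any bit for "other"  -> another vhost's user could use the path
#   group write          -> the web server group should be read-only
#   not owned by GROUP   -> (only if GROUP is given) server cannot read it
# Symlinks are skipped because their own mode bits are not enforced.
# Returns 0 when nothing is found, 1 otherwise.
audit_vhost() {
    dir=$1
    grp=${2:-}
    set -- -perm -004 -o -perm -002 -o -perm -001 -o -perm -020
    if [ -n "$grp" ]; then
        set -- "$@" -o ! -group "$grp"
    fi
    bad=$(find "$dir" ! -type l \( "$@" \) -print)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# make_sample: build a constructed docroot with typical loose modes and
# print its path (stands in for one vhost's directory).
make_sample() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/htdocs/uploads"
    echo '<?php /* constructed */' > "$root/htdocs/config.php"
    echo 'hello' > "$root/htdocs/uploads/a.txt"
    chmod 755 "$root" "$root/htdocs"
    chmod 777 "$root/htdocs/uploads"
    chmod 644 "$root/htdocs/config.php" "$root/htdocs/uploads/a.txt"
    printf '%s\n' "$root"
}

sample=$(make_sample)
echo "before:"; audit_vhost "$sample" || true
lock_vhost "$sample"
echo "after:";  audit_vhost "$sample" && echo "clean"
rm -rf "$sample"
```

Passing the web server's group as the second argument (for the setup in the question, `lighttpd`) also flags files the server could not read through its group.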