What are the security implications of the below apache conf file

Question

I have a situation where I want to share a codebase when accessing via a subdomain.

sub1.example1.com shares sub1.example2.com

Both example1.com and example2.com have there on virtual host file. I have changed the document root of example1.com to point to the same as example2.com. However this was causing problems with suPHP.

To solve the problem I have added the following directives below to solve the suPHP problems. Its working its just I'm not entirely sure about the security problems or if there are any?

added directives ( added in include file of example1.com virtual host )

DocumentRoot /home/example2/sub1
<IfModule mod_suphp.c>
    suPHP_UserGroup example2 example2 ( changed from example1 example1 )
</IfModule>
<IfModule !mod_disable_suexec.c>
    <IfModule !mod_ruid2.c>
        SuexecUserGroup example2 example2 ( changed from example1 example1 )
    </IfModule>
</IfModule>

I hope that makes sense.

Thanks

Joe

Answer 1

Both of your domains will run with user/group combo of example2:example2, that's the only security implication of the shown config.

I don't know whats the purpose of having 2 different vhost files for two subdomains, you could have just use:

ServerName sub1.example2.com
ServerAlias sub1.example1.com

and be done with it.

But, if you have some customizations that have to be different, that justifies different vhost files, and in that case, implications are that user accessing different host may have privileges to do things you specifically forbid in another vhost. But, without whole vhosts we can only speculate about it.