-1

Is there a recommended way to configure apache to serve three separate user sites as well as allow them to upload/modify their own files without having access to each other files?

I see reference to configure /var/www and other references to configure /home/user as well as using www-data:www-data for folders and others saying not to use www-data access.

It's very confusing to know which is the correct method with best security practices in mind.

Here's what I'm leaning towards:

<VirtualHost *:80>
DocumentRoot /home/john/public_html
ServerName www.example.com
</VirtualHost>

<VirtualHost *:80>
DocumentRoot /home/jane/public_html
ServerName www.example.net
</VirtualHost>

<VirtualHost *:80>
DocumentRoot /home/bob/public_html
ServerName www.example.org
</VirtualHost>

The installation of wordpress (using WP as example. I'm sure other open source software is similar) requires access to modify configuration as well as automatic core/plugin updates and will need access to certain folders for uploads.

Should the permissions be set at john/jane/bob folder or the public_html folder?

Charles
  • 3
  • 4

1 Answers1

0

Take a look at suphp. You can run this extension in apache that will run the php process user under the users account, instead of a shared apache account which will give the process permission to update the files.

http://www.suphp.org/Home.html

This is typically one of the best solutions on a shared hosting environment.

Otherwise, you could just change the owner of the public_html folder to be the same as the user running apache, but this is not as secure as the above.

Aaron A
  • 535
  • 7
  • 20