0

this might be a real noob question , but I couldn't find an answer.

when using regular PHP , if we execute echo `whoami`; it outputs apache. but when suPHP enabled, above code will output the user's name. I'm wondering how this helps to improve security of a website.

lasan
  • 199
  • 1
  • 13
  • It's mainly beneficial for shared hosting environments. Each vhost has it's own user, thus the owner of siteA.com cannot view/modify siteB.com in any case, since he is not the owner. If both sites would run under `apache`, the owner of siteA.com could see (and perhaps even alter) the content of siteB.com without too much effort. – Oldskool May 31 '16 at 11:42
  • 1
    I'm voting to close this question as off-topic because it's not programming related. It would be a better fit for http://security.stackexchange.com/ – Oldskool May 31 '16 at 11:48
  • @Oldskool thanks ! solved my problem, will check that community too. – lasan May 31 '16 at 18:13

1 Answers1

1

for shared hosting, there are multiple sites on one server.

Running as Apache / httpd you have many other people running as the same user. So User 1 can see and maybe even modify user 2's files.

When running as individual users you have much more control of who can access each file.

More important files are config ones eg database connections. Without the separation any user on that host can access any config file owner readable by apache.

Even in a non shared environment running as a user gives much more fine grained permissions. This is useful to give the user just as much access as it needs, limiting the damage if someone is able to execute commands though the web server.

exussum
  • 18,275
  • 8
  • 32
  • 65