I am planning to create a share hosting server that I will use for my clients with NGiNX server. I was wandering if anyone had any pointers to help me get started. And how I can secure de different accounts so no one can hack anyones other accounts?
Asked
Active
Viewed 180 times
1 Answers
2
The issue has less to do with nginx and more to do with your shell permissions and backend scripts.
Will your users have ssh access? If so, you will definitely want to setup chroot jails for them to prevent them from executing scripts or modifying files outside of their own directory.
Similarly, chroot jails will affect scripts (i.e. PHP files) from having access to files outside of the user's own directory.
You cannot use nginx to prevent scripts from modifying files not belonging to the user, but if I understand you correctly, you should be able to accomplish this via jailshells.
If you are working solely with PHP, you might also be able to use the open_basedir directive.
Marco
- 4,345
- 6
- 43
- 77
-
1Make sure PHP runs under its own user. You can also disable PHP functions (via php.ini settings) such as exec() or opening/writing files or reading/moving directories. `open_basedir` is also worth looking into. At the end of the day, however, the best option is to create a jail for every user to lock them into their directory. – Marco Nov 16 '11 at 22:39