Hello,

I'm planning to setup an Apache server with PHP under Linux in a way enabling multiple users to run their own programs (PHP!) but let them only have access to their own files. I mean the typical configuration of a mass webhoster, just a bit smaller...

Now I already intensively searched on this for some time - without any success :-(

  • I can't use suEXEC, since it doesn't run with PHP. (So says i.e. a user note on php.net) I believe it's because suEXEC won't accept the access rights (anyone may read) of the php binary. (It didn't work in my some tests.)

  • Though I could compile the Apache2 MPM module, but then PHP didn't want to compile as module, saying anything with multi-threading isn't correct.

  • safe_mode is inacceptable, it doesn't provide the security I need and seems to be incompatible or makes too much limits.

I found some suEXEC patches (latest for current Apache 1.3.27) at www.localhost.nl that shall make suEXEC PHP-able. I'll have to test it. But the Apache doc urgently encourages me to use the unchanged code for security reasons etc. Moreover, I'd get dependable of those patches with every new Apache release (mostly fixing considerable security issues). And it's Apache1 only.

So can anyone explain me, how the "big ones" do this? Seems there must be a way to make an Apache/PHP environment multi-user-safe, without restricting PHP programmes too far. At least my provider (1&1) can do anyhow...

BTW, I'm quite sure that I'll use PHP 4.3.1 (to current situation), but which Apache is "better"? 1 or 2? I can't see that much differences right now...

TIA
Yves Goergen
www.unclassified.de

    Write a Reply...