What's the recommended method of doing Apache-based PHP virtual hosting installations where each site would have one and just one user allocated for it?
- Read and execute for one user per site only (not `www-data` or all users)
- `/srv/www` installation folder (not `/home`, the user does not have a shell)
- Write access limited to one folder
As I believe this would add some security against the cases where one site gets compromised on a shared host.
I'd be grateful for pointers to tools, tutorials, etc.
Why not `/home`, just because the user doesn't have a shell? The whole process is quite straightforward: you just create the user-per-site, set the permissions appropriately, and then, most importantly, run PHP as the user (with suPHP or php-fpm). Sudo really never comes into it.
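The three steps the answer names (a user per site, permissions, PHP running as that user through php-fpm), written out as an added example that is not part of the original thread. The site name, the `uploads` writable folder, the socket path and the Debian-style `nologin` path are assumptions; `create_site_user` needs root.

```shell
#!/bin/sh
# Added example, not from the thread. Site name, paths and the "uploads"
# folder are assumptions; www-data is the Apache user named in the question.

# Step 1 (needs root): one shell-less system user owning the site tree.
create_site_user() {
    user=$1 root=$2
    useradd --system --user-group --no-create-home \
            --home-dir "$root" --shell /usr/sbin/nologin "$user"
    chown -R "$user:$user" "$root"
}

# Step 2: owner may read and traverse; only $writable is writable.
# Group and others get no access, so Apache itself cannot read static
# files from this tree unless that is granted separately.
lock_tree() {
    root=$1 writable=$2
    find "$root" -type d -exec chmod 0500 {} +
    find "$root" -type f -exec chmod 0400 {} +
    find "$root/$writable" -type d -exec chmod 0700 {} +
    find "$root/$writable" -type f -exec chmod 0600 {} +
}

# Check: list anything owner-writable outside the one writable folder.
writable_outside() {
    root=$1 writable=$2
    find "$root" -perm -200 ! -type l \
         ! -path "$root/$writable" ! -path "$root/$writable/*"
}

# Step 3: php-fpm pool so PHP for this site runs as the site user.
render_pool() {
    site=$1 user=$2 root=$3
    cat <<EOF
[$site]
user = $user
group = $user
listen = /run/php/$site.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
pm = ondemand
pm.max_children = 5
php_admin_value[open_basedir] = $root
EOF
}
```

Running `writable_outside` after every deployment catches files that an unpack or a CMS update left writable outside the single writable folder.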