I'm currently setting up a hosting service and, for now, I'm very concerned about security. Here is my situation:
I've set up multiple Apache vhosts and, for obvious security reasons, I don't want to let a user access others' data by moving around via PHP's system functions.
That's why I've set open_basedir in each of my vhosts. Nevertheless, I'm still concerned with one major security leak: the exec function.
So after some research, I've found that you can use disable_functions in php.ini to, as its name tells us, disable some functions. I've found this list of functions to disable, which seems pretty complete:
disable_functions = "apache_child_terminate, apache_setenv, define_syslog_variables,
escapeshellarg, escapeshellcmd, eval, exec, fp, fput, ftp_connect, ftp_exec, ftp_get,
ftp_login, ftp_nb_fput, ftp_put, ftp_raw, ftp_rawlist, highlight_file, ini_alter,
ini_get_all, ini_restore, inject_code, mysql_pconnect, openlog, passthru, php_uname,
phpAds_remoteInfo, phpAds_XmlRpc, phpAds_xmlrpcDecode, phpAds_xmlrpcEncode, popen,
posix_getpwuid, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid,
posix_setuid, posix_uname, proc_close, proc_get_status, proc_nice, proc_open,
proc_terminate, shell_exec, syslog, system, xmlrpc_entity_decode"
But I don't feel right about limiting PHP for my users. So, two questions:
- Do you think this is a blocking situation for most CMSes and other web applications?
- If so, is there another way to isolate each vhost's data?
PS: I've looked at suexec and others, but I think they will not fit because I'm expecting 100 to 200 users on my server and I don't want to create and manage a system account for each one.
In the web hosting industry, especially in shared hosting environments, disabling certain PHP functions is very common for security reasons. Following are the most common PHP functions which are blocked:
Also, it is better to manage users separately for each website, because then you can easily identify who is doing wrong if anything goes wrong on the server.
For that you can use suPHP: http://www.techtrunch.com/installations/compile-apache-suphp-ubuntu http://www.inmotionhosting.com/support/website/general-server-setup/what-is-suphp
Also you can consider the following values in php.ini in order to make your server more secure:
allow_url_fopen - disables the ability to open files via a URL
session.save_path - sets the path where PHP stores its session files
open_basedir - sets the path where PHP scripts are allowed to open files

exec only executes functions as the user running PHP. And Apache offers a way to run each vhost as a different user (https://askubuntu.com/a/899192/862510), so you can make a user per vhost and control their respective rights, including folder permissions.
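A small audit for the settings discussed above, added here as an example and not part of the original question or answers: it reads a php.ini fragment (a constructed sample, not a real server's config) and reports which of the process-spawning functions from the question's list are still enabled, along with the open_basedir and allow_url_fopen values, so the same check can be run over every vhost's ini file.

```python
import re

# Process-spawning functions from the question's disable_functions list;
# the audit flags any of these that a vhost's php.ini leaves enabled.
PROCESS_SPAWNERS = {"exec", "passthru", "shell_exec", "system", "popen", "proc_open"}

# key = value, with a double-quoted value allowed to span lines (php.ini permits this)
_SETTING_RE = re.compile(r'^[ \t]*([A-Za-z0-9_.]+)[ \t]*=[ \t]*(?:"([^"]*)"|([^;\n]*))', re.M)


def parse_php_ini(text):
    """Minimal php.ini reader: returns {lower-case directive: value}.
    Lines starting with ';' or '[' (comments, sections) never match."""
    settings = {}
    for match in _SETTING_RE.finditer(text):
        key, quoted, bare = match.groups()
        settings[key.lower()] = quoted if quoted is not None else bare.strip()
    return settings


def disabled_functions(settings):
    """Split disable_functions into a set of lower-case function names."""
    raw = settings.get("disable_functions", "")
    return {name.strip().lower() for name in raw.split(",") if name.strip()}


def audit(ini_text):
    """Report spawners still enabled plus the isolation-related directives."""
    settings = parse_php_ini(ini_text)
    disabled = disabled_functions(settings)
    return {
        "disabled": disabled,
        "missing_spawners": sorted(PROCESS_SPAWNERS - disabled),
        "open_basedir": settings.get("open_basedir"),
        "allow_url_fopen": settings.get("allow_url_fopen"),
    }


# Constructed sample: one vhost's php.ini that only half-applies the advice.
SAMPLE_INI = """
; constructed sample, not a real server's configuration
[PHP]
allow_url_fopen = Off
open_basedir = "/var/www/site1:/tmp"
disable_functions = "exec, system,
    escapeshellarg, escapeshellcmd"
"""

if __name__ == "__main__":
    report = audit(SAMPLE_INI)
    print("open_basedir:", report["open_basedir"], "| still enabled:", ", ".join(report["missing_spawners"]))
```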