We are trying to find a way to host content that's not managed by us on our server, and want to take necessary security precautions.
As of right now, we are thinking about creating a chroot'ed user named 'apache3' and giving it a folder folder somewhere in /stuff/othergroup/.
After doing that we plan to put all php code somewhere in /stuff/othergroup/var/httpd/insecureapplication and setup our primary apache server to run run a separate virtual host under a user apache3:not_us with document root of /stuff/othergroup/var/httpd/insecureapplication
Will this kind of setup work? Is there a better setup for this sort of thing? How do VPS hosting providers like hostgator configure their boxes for this sort of thing?
Setting up a new user and ensuring that proper permissions are setup for it i.e. that it doesn't have rw privileges on anything other than
/stuff/othergroup/var/httpd/insecureapplicationshould be fine. Then again, I don't know exactly what kind of operations that the other group will be doing.Locking down with proper ownership, permissions and ensuring they don't have sudo access should be plenty though to ensure they won't interfere with anything else.