Running Apache2 virtual hosts as different users with mpm-itk

Posted: June 11, 2011 by Hacking & Relax in Sec webserver, Tutorial
Tags:

apache2-mpm-itk is an MPM (Multi-Processing Module) for the Apache web server. mpm-itk allows you to run each of your vhost under a separate uid and gid — in short, the scripts and configuration files for one vhost no longer have to be readable for all the other vhosts.

1. Install the apache2-mpm-itk package

apt-get install apache2-mpm-itk

2. Configure user and group for each virtual host by adding the following line somewhere between <VirtualHost *:80>…</VirtualHost>

AssignUserId [user] [group]

Replace [user] and [group] with a username and group name that already exists on the system.

3. Change the owner of the web root

chown [user].[group] [location]

Replace [user] and [group] with the username and group name configured on the virtual host. Replace [location] with the location specified as DocumentRoot for the virtual host, eg. /var/www

4. Make sure the location isn’t accessible by other users (optional)

chmod o= [location]

Replace [location] with the location specified as DocumentRoot for the virtual host, eg. /var/www

5. Restart apache

/etc/init.d/apache restart

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s