What is the best practice for setting up a LAMP server in terms of Linux users and groups? If there are multiple sites hosted on the same server, is it best to have a single user that owns all site source files (and uploads) that is in the same group as Apache - or to have a different user for each site (so that each site has its own crontab)? Or something else entirely?

For some reason, this question never seems to be addressed in PHP/MySQL/Linux books that I've encountered.

+1  A: 

On our platform each site's htdocs etc has its own user. This means if one site is compromised, the others should be fine.

Kev
+1  A: 

If this is a small number of large sites, you may find that splitting your server into multiple VMs using something like Xen is a better option than simply segregating by user. This will improve the isolation of your sites, and make it easier to move a site to its own hardware if, in future, one starts to become much heavier on resource usage than the others.

Jon Topper
A: 

I assume you don't want to go crazy and get WHM for cPanel and may want to do this inexpensively.

I think it's a best practice to have each user access their space from their own username and group - especially if unrelated users may be using the webserver.

If you have over 10 domains and users and want to keep accounts segregated to their own space, I would consider using Webmin with VirtualMin installed on the server. This easily handles these types of issues, within a nice, free install. Otherwise, you'll have to purchase a commercial product or handle everything manually - a real pain, but it can be done (not recommended for a commercial venture).

Also, Xen and VMS might be overkill, but also not as easy to manage as Webmin/VirtualMin for 10-100+ accounts.

JasonMichael
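
A way to check the one-user-per-site layout recommended in the answers above, as an added example that is not from any of the posters. It assumes each site's docroot is a directory directly under one base directory (for example `/var/www/<site>`, a hypothetical layout), that site names contain no whitespace, and that GNU `stat` is available.

```shell
#!/bin/sh
# Added example: audit per-site isolation of docroots under one base directory.
# Assumptions (not from the page): layout BASE/<site>/, GNU coreutils stat,
# site directory names without whitespace.
# Usage: audit_docroots /var/www

# audit_docroots BASE
# Prints one finding per line; returns 0 if there are none, 1 otherwise.
#   SHARED_OWNER <owner> <site> <site>  two docroots are owned by the same user,
#                                       so a compromise of one can write to the other
#   OTHER_ACCESS <site> <mode>          "other" permission bits are set on the docroot
audit_docroots() {
    base=$1
    findings=$(
        for dir in "$base"/*/; do
            [ -d "$dir" ] || continue          # unmatched glob or not a directory
            site=$(basename "$dir")
            owner=$(stat -c '%U' "$dir")       # owning user name
            mode=$(stat -c '%a' "$dir")        # octal mode, e.g. 750
            printf '%s %s %s\n' "$owner" "$site" "$mode"
        done | sort | awk '
            # Input is sorted by owner, so docroots with the same owner are adjacent.
            {
                if ($1 == prev_owner) print "SHARED_OWNER", $1, prev_site, $2
                # The last octal digit is the "other" class; anything but 0 lets
                # every local account, including other site users, into the tree.
                if (substr($3, length($3), 1) != "0") print "OTHER_ACCESS", $2, $3
                prev_owner = $1; prev_site = $2
            }'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

With the "other" bits cleared, the web server reaches each docroot through group membership, so the group on each site's tree has to be one the Apache user belongs to.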