How to Secure User Accounts in Shared Hosting Environment

  • Create a dedicated user/group for running LiteSpeed Web Server, for example like “lsws/lsws”. Reinstall LSWS if needed. There might be other services running as user “nobody”, it is better to set up a dedicated user account for LSWS. This account should have login shell disabled, same as “nobody”.
  • For each hosted user account, create its own dedicated group like “user1/group1”, “user2/group2”. Then add the user for LSWS to each individual group of hosted accounts.
usermod -a -G group1 lsws
usermod -a -G group2 lsws

/etc/group should likes like:

group1: lsws
group2: lsws 
  • Permission of user home directories should be set to “0750” or “0770”, so only user “lsws” can access or modify all the files. Other users can only access or modify their own files and cannot read others' files.
chmod 0770 /home/user1
  • Make sure to use suEXEC for all virtual hosts, all CGI/FCGI/PHP/LSAPI applications/scripts will be executed under the user account of the web site owner.
litespeed_wiki/security/shared_hosting_securities.txt · Last modified: 2006/11/12 19:17 (external edit)