Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
litespeed_wiki:security:shared_hosting_securities [2006/11/13 00:17] 127.0.0.1 external edit |
— (current) | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== How to Secure User Accounts in Shared Hosting Environment ====== | ||
| - | |||
| - | |||
| - | * Create a dedicated user/group for running LiteSpeed Web Server, for example like "lsws/lsws". Reinstall LSWS if needed. There might be other services running as user "nobody", it is better to set up a dedicated user account for LSWS. This account should have login shell disabled, same as "nobody". | ||
| - | |||
| - | * For each hosted user account, create its own dedicated group like "user1/group1", "user2/group2". Then add the user for LSWS to each individual group of hosted accounts. | ||
| - | |||
| - | usermod -a -G group1 lsws | ||
| - | usermod -a -G group2 lsws | ||
| - | |||
| - | /etc/group should likes like: | ||
| - | |||
| - | group1: lsws | ||
| - | group2: lsws | ||
| - | |||
| - | * Permission of user home directories should be set to "0750" or "0770", so only user "lsws" can access or modify all the files. Other users can only access or modify their own files and cannot read others' files. | ||
| - | |||
| - | chmod 0770 /home/user1 | ||
| - | |||
| - | * Make sure to use [[litespeed_wiki:CGI/FCGI/LSAPI/PHP suEXEC|suEXEC]] for all virtual hosts, all CGI/FCGI/PHP/LSAPI applications/scripts will be executed under the user account of the web site owner. | ||
| - | |||
| - | |||
| - | |||
| - | |||
| - | |||