
Running Apache2 virtual hosts as different users with mpm-itk

apache2-mpm-itk is an MPM (Multi-Processing Module) for the Apache web server. mpm-itk allows you to run each of your vhosts under a separate uid and gid — in short, the scripts and configuration files for one vhost no longer have to be readable by all the other vhosts.

1. Install the apache2-mpm-itk package

apt-get install apache2-mpm-itk

2. Configure user and group for each virtual host by adding the following line somewhere between <VirtualHost *:80>…</VirtualHost>

AssignUserId [user] [group]

Replace [user] and [group] with a username and group name that already exist on the system.

3. Change the owner of the web root

chown [user]:[group] [location]

Replace [user] and [group] with the username and group name configured on the virtual host. Replace [location] with the location specified as DocumentRoot for the virtual host, e.g. /var/www

4. Make sure the location isn’t accessible by other users (optional)

chmod o= [location]

Replace [location] with the location specified as DocumentRoot for the virtual host, e.g. /var/www

5. Restart Apache

/etc/init.d/apache2 restart
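
A check for steps 2 to 4, as an added example that is not part of the original post: for every <VirtualHost> block in a config file it compares the AssignUserId user and group with the owner of the DocumentRoot and confirms that other users have no permissions on it. It assumes GNU stat, one directive per line, and paths and names without spaces; the function names and the script name are made up for this example.

```shell
#!/bin/sh
# Added example: audit that each vhost's DocumentRoot matches its AssignUserId.
# Usage (Debian layout assumed): sh check-itk.sh /etc/apache2/sites-enabled/*

# vhost_ok USER GROUP DOCROOT -> 0 if DOCROOT is owned by USER:GROUP and
# "other" has no permission bits (steps 3 and 4 of the procedure).
vhost_ok() {
    [ -n "$3" ] || return 0                     # no DocumentRoot in this vhost
    st=$(stat -c '%U %G %a' "$3") || { echo "FAIL $3: cannot stat"; return 1; }
    set -- "$1" "$2" "$3" $st                   # $4 owner, $5 group, $6 octal mode
    rc=0
    if [ "$4" != "$1" ] || [ "$5" != "$2" ]; then
        echo "FAIL $3: owned by $4:$5, AssignUserId is ${1:-unset}:${2:-unset}"; rc=1
    fi
    case $6 in
        *0) ;;                                  # last octal digit 0: other has nothing
        *)  echo "FAIL $3: mode $6 lets other users in"; rc=1 ;;
    esac
    [ "$rc" -ne 0 ] || echo "OK   $3 ($1:$2, mode $6)"
    return "$rc"
}

# check_vhosts FILE -> non-zero if any <VirtualHost> block in FILE fails vhost_ok.
check_vhosts() {
    bad=0 user='' group='' root=''
    while read -r key a b _ || [ -n "$key" ]; do
        # Apache directive names are case-insensitive.
        case $(printf '%s' "$key" | tr 'A-Z' 'a-z') in
            assignuserid)  user=$a group=$b ;;
            documentroot)  root=${a#\"}; root=${root%\"} ;;
            '</virtualhost>')
                vhost_ok "$user" "$group" "$root" || bad=1
                user='' group='' root='' ;;
        esac
    done < "$1"
    return "$bad"
}

# Check every config file given as an argument; the last test sets the exit status.
for f in "$@"; do check_vhosts "$f" || failed=1; done
[ -z "${failed:-}" ]
```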

Comment

  1. Do you think it is possible to have Apache access folders and files owned by different users? I have 3 different users that don’t have root access, they have their webfolders in /var/www/$USERNAME, and Apache should have access to those files without any chmoding and chowning from them …