Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 19th July 2011, 10:40
talkingnews talkingnews is offline
Member
 
Join Date: Jan 2011
Posts: 65
Thanks: 15
Thanked 5 Times in 5 Posts
Default nginx + php-fcgi + vsftp = great. But how to have different users?

I'm a complete nginx convert - took a couple of days, but with the guides here and elsewhere, I've got nginx+vsftp running 4 sites:
2 busy wordpress installs and a reasonably busy (20 or so on at any one time) phpbb forum. All rewrites working. And it doesn't even make an Amazon ec2 free micro instance break a sweat - the previous Apache2 config was bringing it down 5 times a day. nginx FTW by a mile, and service apache2 stop FTMFW!

The problem is, I've had to drop ispconfig, which is a shame. So I'm only missing one gap in my linux newbie knowledge now, with relation to security. In the situation I have now, all sites run the same user, and with ftp I log into the web root.
What's I'd prefer to do is have the ispconfig model of each site having its own user and group, so, I suppose, if someone hacked one site, they couldn't hack files of another site.

And here's where no amount of googling will turn anything up. Any ideas?
Reply With Quote
Sponsored Links
  #2  
Old 20th July 2011, 17:21
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,711
Thanks: 1,899
Thanked 2,702 Times in 2,545 Posts
Default

I guess you will have to set up system users manually with the useradd command. Take a look at
Code:
man useradd
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 20th July 2011, 20:14
talkingnews talkingnews is offline
Member
 
Join Date: Jan 2011
Posts: 65
Thanks: 15
Thanked 5 Times in 5 Posts
Default

Hmmm, perhaps I didn't describe very clearly. To clarify:
I can create users, no problem. But in Ispconfig, it seemed to run each website as it's own unique user. In other words, the server would run with the permissions of client1:user2
With the nginx/php-fcgi setup I have, everything runs as www-data:www-data.
Although I backup every night, if someone access one site, in theory a dodgy script, rather than hacking just the one site, could work it's way round the whole /var/www/ and hack all 4 sites. Yes, they're only small and backed up twice a day so it wouldn't cause massive problems, but I'd like to just eliminate that possibility.

I can just about see how you'd run each SITE as a different user in nginx, but of course it's the php that's writing data to the server. The only thing I can think of is if I run 4 php backends, each on their own port and user.
Just doesn't seem to be the correct way to do things, a bit untidy, and I was wondering if there was a neater way.
Reply With Quote
Reply

Bookmarks

Tags
nginx, php-cgi, vsftp, vsftpd

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
FFMPEG maybe not an php library? Mkipz Installation/Configuration 2 14th September 2009 21:13
Postfix - Relay access denied gotting Server Operation 3 23rd April 2008 14:06
Transferring Hard Drive to new System latcarf Installation/Configuration 26 20th February 2007 18:51
Junk mail and spamassassin... sthompson Installation/Configuration 4 27th December 2006 16:11


All times are GMT +2. The time now is 07:21.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.