adding the apache user to every new group

Discussion in 'Installation/Configuration' started by meemu, Apr 17, 2007.

  1. meemu

    meemu ISPConfig Developer ISPConfig Developer


    I am fairly new to ispconfig. We are looking at using it on our new web server. My colleagues had a look and we had certain ideas on how to improve security. The solution we came up with (it's not ours!) is based on this

    I've had a brief look at the ispconfig code but maybe it's easier to ask for help here. I am trying to change the user account creation for web users so that every new group has the apache user as member.

    Any help appreciated.
  2. Lucian

    Lucian New Member

    I've been in the webservers field for quite some time now. The best solution to run PHP in a secure manner and without loss of performance is PHP+SuExec+FastCGI.
    open_basedir isnt a solution, what if the client wants to use ImageMagick which has its binaries installed in /usr/local/bin?

    Read this page if you want to find out more about php+fastcgi:

    I've been running a php+fastcgi in production for more than a year now and it rocks! This is the manner I want a control panel to deploy php in virtualhosts.
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    Adding the www-data user to the group does not make things more secure. Instead you should install SuPHP and switch ISPConfig to SuPHP mode in the file, so your .php and cgi scripts where executed under the username of the web admin of the site.
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    You can do this with ISPConfig too. If I remember correctly, there are some posts about this topic in the forum.

Share This Page