January 13th, 2014, 08:11 AM
Run sites under one or separate users?
I have the option to run site under one user i.e
or do :
The first way is good because it will promote code re-use. But I just want to avoid the if one sites get hacked, all sites will be compromised scenario. Having said that:
I only store the user data in the database. (my own and external). Users do not do any uploading of file etc. Form data is sent to external DB (which has its own checks) and my own MySQL db (using prepared statements).
SO my question is, if this is the only usage, is it OK to store them all
under one user as hacking chances are minimal?
January 13th, 2014, 08:23 AM
Code re-use on multiple sites in both situations are possible, simply create a "library" or "libs" folder somewhere on your file-system then symlink it in your website (ensure of course apache has follow sym links enabled and that your users have read access to the location on the file-system)
As for running under multiple users, you're probably still running the websites under a single user (more than likely "apache" or "wwwuser", depending on your distro). I'm sure you can start the processes as different user names but I don't know how.
Last edited by badger_fruit; January 13th, 2014 at 09:41 AM.
Reason: added note about user access to FS
"For if leisure and security were enjoyed by all alike, the great mass of human beings who are normally stupefied by poverty would become literate and would learn to think for themselves; and when once they had done this, they would sooner or later realise that the privileged minority had no function and they would sweep it away"
- George Orwell, 1984
January 13th, 2014, 10:22 AM
for security's sake there is an option which doesnt allow one user to read other user's folder.
January 13th, 2014, 01:04 PM
I'd probably go for different users, if only because you need to have users in the first place (?).
As for "hacking chances", it doesn't really help mitigate that per se. The only thing you're doing is preventing (barring another exploit) access to the other site's files. That does go towards limiting the amount of damage being done, but you still have one site that needs to be restored from backup.