| 1 |
Consider using mpm_itk in place of suphp. |
| 2 |
It appers to be much more simple and secure because not only PHP |
| 3 |
secured but every apache process run with user's privelege. |
| 4 |
|
| 5 |
Regards, |
| 6 |
Alexey Kopytko |
| 7 |
|
| 8 |
В Sun, 15 Apr 2007 11:24:05 +0200 |
| 9 |
"Adam Lantos" <hege@××××××.org> пишет: |
| 10 |
|
| 11 |
> Hello, |
| 12 |
> |
| 13 |
> I run a development server for our company (SFTP, web, php |
| 14 |
> developments, mailing lists). |
| 15 |
> |
| 16 |
> -gentoo-hardened (grsecurity) |
| 17 |
> -ldap database for user authentication |
| 18 |
> -apache2+suphp |
| 19 |
> |
| 20 |
> I personally prefer Ldap over mysql because of its optimized |
| 21 |
> performance, and scalability. Ldap is stable enough, and it's much |
| 22 |
> more secure than mysql (using TLS for connections, you can set ACLs). |
| 23 |
> You can store virtually anything related to users without bothering |
| 24 |
> with database schemes - quotas, email accounts, database |
| 25 |
> configurations, apache configuration and so on... Ldap is faster too |
| 26 |
> because of the binary database backend it uses. And much more tools |
| 27 |
> support Ldap, so you can use one password to sftp, one password to |
| 28 |
> apache htaccess, ... easier than with mysql. |
| 29 |
> |
| 30 |
> With grsecurity/rsbac/rbac you can limit any aspect of clients |
| 31 |
> (restrict client socket connections, /tmp usage, log audit events). |
| 32 |
> Use chroot is you want to separate users strongly from each other. |
| 33 |
> |
| 34 |
> With the use of SUPhp your customers can run their scripts with their |
| 35 |
> privilege level. (So no world-writable files required, and the |
| 36 |
> privileges of PHP is in your hand, customize it per customer.) |
| 37 |
> |
| 38 |
> Some things to consider: |
| 39 |
> -FTP is insecure, because it sends the password in plaintext. |
| 40 |
> -SFTP is better, but it uses more CPU. Set rssh shell, and customize |
| 41 |
> pam. I think you don't want to give them full shell access. |
| 42 |
> -If the LDAP is down, your whole hosting system become unusable. The |
| 43 |
> same thing is with the mysql, so it's not a big problem. |
| 44 |
> |
| 45 |
> |
| 46 |
> yours, |
| 47 |
> Adam |
| 48 |
> |
| 49 |
> On 4/15/07, Michael <mycroes@××××××.nl> wrote: |
| 50 |
> > Hello all, |
| 51 |
> > |
| 52 |
> > I'm currently working on a hardened install for a web/mail-server. |
| 53 |
> > Clients need to be able to upload their site content, either by ftp |
| 54 |
> > or sftp... As I see it now, there are three options for user |
| 55 |
> > management: 1. Add real users to the system |
| 56 |
> > 2. Add virtual users to a mysql db, use one user for files and let |
| 57 |
> > programs use the database |
| 58 |
> > 3. Use pam-mysql or nss-mysql to have the users in a database |
| 59 |
> > |
| 60 |
> > Personally I'd prefer using a database because of the management, |
| 61 |
> > but I'm not considering security at all in this preference. I bet |
| 62 |
> > some of you ran into the same problem and took one of the |
| 63 |
> > approaches I mentioned above. |
| 64 |
> > |
| 65 |
> > Because clients are using php too I don't know if it's advisable to |
| 66 |
> > use one user on the system and virtual users for ftp/sftp access. |
| 67 |
> > Next to that it would be nice to have decent quota support, so in |
| 68 |
> > that case I guess point 2 won't work... |
| 69 |
> > |
| 70 |
> > Anyway, I hope someone who used one of these methods on a production |
| 71 |
> > server can tell some more about what's the best way to solve this |
| 72 |
> > problem and why it's the best way. |
| 73 |
> > Greetings, |
| 74 |
> > |
| 75 |
> > Michael |
| 76 |
> > |
| 77 |
> > -- |
| 78 |
> > gentoo-hardened@g.o mailing list |
| 79 |
> > |
| 80 |
> > |
| 81 |
-- |
| 82 |
gentoo-hardened@g.o mailing list |
Archives