View previous topic :: View next topic |
Author |
Message |
Lithorien -
Joined: 20 Jun 2004 Posts: 40
|
Posted: Wed Feb 14, 2024 5:09 pm Post subject: Per-Directory Operating System User |
|
|
Good morning - I've been hunting around to see if there's a way to do this that I'm missing and so far haven't found anything.
I operate a small managed hosting service where I use a single instance of Abyss that reads from /home/<user>/www/domain.tld/* for each domain that a client has hosted by me. Now normally this would not be an issue, say, for static pages because I could make the /home/<user>/www/* world-readable without it being too much of a security concern (only Abyss would be able to actually take advantage of that).
However.
I also offer private cloud services, through things like NextCloud. This requires writes to the directory, not just reads. Right now I have each one of those owned by www-data so that Abyss can read and write to each instance, but this is a major security problem AND locks the actual users out from being able to edit the configurations via SSH, AND it means that I can't assign user quotas since all the private clouds are owned by the same user (www-data).
What I'm looking to do is to be able to make Abyss function as a different OS user per domain. So in one case it might be operating as user1 at /home/user1/www/*, but then as user2 at /home/user2/www/*.
Is this possible with Abyss Web Server? I do have X2 so that's not an issue here.
Thank you! |
|
Back to top |
|
|
admin Site Admin
Joined: 03 Mar 2002 Posts: 1306
|
Posted: Sat Feb 17, 2024 9:35 pm Post subject: Re: Per-Directory Operating System User |
|
|
Lithorien,
For the maximum security, we suggest isolating your users and their applications (including a copy of X1 serving a single site) inside containers.
The host system will have X2 with a bunch of virtual hosts each acting as a reverse-proxy for the "containerised" X1 of each of your customers. _________________ Follow @abyssws on Twitter
Subscribe to our newsletter
_________________
Forum Administrator
Aprelium - https://aprelium.com |
|
Back to top |
|
|
Lithorien -
Joined: 20 Jun 2004 Posts: 40
|
Posted: Sat Feb 17, 2024 9:37 pm Post subject: |
|
|
Ah; that makes sense.
Thank you. |
|
Back to top |
|
|
|