On Mon, Jun 13, 2011 at 7:49 AM, Lars Nielsen <l...@mit-web.dk> wrote:
> Hi > I am running my own server on debian lenny with apache and php. Now I > have several websites that only I are going to update. Is it fine to run > those under the same userlogin and use virtualhosts or should I create a > separate user for each website? > Is it posible to maintain a secure server using a single user with > several websites? > As long as you trust your own code, your ftp/ssh password security and the security of your connection method (i.e. don't use ftp), you should be fine. If you use ANY code or library written by someone else, you need to be worried about its security and you might not want to run all the sites as the same user. That said, unless you plan on running a separate instance of apache on its own IP for each website, you will need to use virtual hosting. I use the ITK MPM, but this page gives you a nice list of options: http://wiki.apache.org/httpd/PrivilegeSeparation - Y
