Privilege separation for web service

Privilege separation for web service
<-- Back to Documentation

[en] [fr]

Privilege separation is a feature which enables the web server to access content (and execute PHP and CGI scripts) under different unix credentials (UID/GID) than your main account. Specific domains or subdomains can be configured to execute under specific UID/GIDs. If a script installed under a given domain has its security compromised, privilege separation prevents the attacker from reading or writing any data outside of that domain's specific directory.

Creating a new sub-account

Any existing sub-account can be used for privilege separation. You can create a new account from the "Unix Accounts" section of the web interface, or using csoftadm:

  csoftadm> subacct add
  Name for new user: fooblog
  Password: secret
  Password: (again): secret
  Home directory www/fooblog: www/fooblog.mydomain.ext

Associating domains and users

Domains and subdomains can be connected to specific users either from the web interface (under the Domain Names section), or from csoftadm:

  csoftadm> web user grant
  Domain/subdomain: fooblog.mydomain.ext
  User: fooblog
  Group users: (enter)
  Granted ownership of fooblog.mydomain.ext to fooblog:users

You can view and edit the current associations with the web user list command:

  csoftadm> web user list
  +-----------------------+------------------------------+
  | Domain                | User                         |
  +-----------------------+------------------------------+
  | fooblog.mydomain.ext  | fooblog:users                |
  +-----------------------+------------------------------+

Enabling privilege separation

Privilege separation can be enabled or disabled at any time from the web interface (under Preferences / Web service), or from the command-line:

  csoftadm> conf set privsep yes

It may take up to 5 minutes before the change can take effect.