Privilege separation is a csoft.net feature which enables the web server to access content (and execute PHP or CGI scripts) under separate Unix credentials (UID/GID) than that of your main account. Specific domains or subdomains can be configured to execute under specific UID/GIDs. If a script installed under example.com is hacked, any damage would be limited to the ~/www/example.com/ directory.

Creating a new sub-account

Any existing sub-account can be used for privilege separation. You can create a new account from the "Unix Accounts" section of the web interface, or using csoftadm:

  csoftadm> subacct add
  Name for new user: fooblog
  Password: secret
  Password: (again): secret
  Home directory [www/fooblog]: www/fooblog.example.com
Associating domains and users

Domains and subdomains can be connected to specific users either from the web interface (under the Domain Names section), or from csoftadm:

  csoftadm> web user grant
  Domain/subdomain: fooblog.example.com
  User: fooblog
  Group users: (enter)
  Granted ownership of fooblog.example.com to fooblog:users

You can view and edit the current associations with the web user list command:

  csoftadm> web user list
  +-----------------------+----------------+
  | Domain                | User           |
  +-----------------------+----------------+
  | fooblog.example.com   | fooblog:users  |
  +-----------------------+----------------+

Note that our system does not treat subdomains such as www.example.com specially, so these must be associated explicitely as well:

  csoftadm> web user grant www.fooblog.example.com fooblog users
  csoftadm> web user list
  +-------------------------+----------------+
  | Domain                  | User           |
  +-------------------------+----------------+
  | fooblog.example.com     | fooblog:users  |
  | www.fooblog.example.com | fooblog:users  |
  +-------------------------+----------------+
Enabling privilege separation

Privilege separation can be enabled or disabled at any time from the web interface (under Preferences / Web service), or from the command-line:

  csoftadm> conf set privsep yes

Note: It may take up to 1 minute before the change is effective.