Privilege Separation for PHP and CGI

Privilege separation is a feature that lets the web server access content (and execute PHP or CGI scripts) under Unix credentials (UID/GID) separate from those of your main account. Specific domains or subdomains can be configured to execute under specific UID/GIDs. If a script installed under is hacked, any damage would be limited to the ~/www/ directory.

Creating a new sub-account

Any existing sub-account can be used for privilege separation. You can create a new account from the "Unix Accounts" section of the web interface, or using csoftadm:

  csoftadm> subacct add
  Name for new user: fooblog
  Password: secret
  Password: (again): secret
  Home directory [www/fooblog]: www/

Associating domains and users

Domains and subdomains can be connected to specific users either from the web interface (under the Domain Names section), or from csoftadm:

  csoftadm> web user grant
  User: fooblog
  Group users: (enter)
  Granted ownership of to fooblog:users

You can view and edit the current associations with the web user list command:

  csoftadm> web user list
  | Domain                | User           |
  |   | fooblog:users  |

Note that our system does not treat subdomains such as specially, so these must be associated explicitly as well:

  csoftadm> web user grant fooblog users
  csoftadm> web user list
  | Domain                  | User           |
  |     | fooblog:users  |
  | | fooblog:users  |

Enabling privilege separation

Privilege separation can be enabled or disabled at any time from the web interface (under Preferences / Web service), or from the command-line:

  csoftadm> conf set privsep yes

Note: It may take up to 1 minute before the change is effective.
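
To confirm the setting took effect, a script served from the associated domain can report the credentials it actually runs under and whether it can write outside the sub-account's directory. The following is an added example, not part of the original documentation; the MAIN_HOME path and the probed locations are placeholder assumptions, while fooblog:users comes from the session above.

```shell
#!/bin/sh
# Added example: CGI self-check for privilege separation.
# Install it under the domain associated with the sub-account and request it once.

# Return 0 only if this process runs as the expected user and group.
privsep_check() {
    expected_user=$1
    expected_group=$2
    actual_user=$(id -un)
    actual_group=$(id -gn)
    [ "$actual_user" = "$expected_user" ] && [ "$actual_group" = "$expected_group" ]
}

# Print each given path that the current credentials are able to write to.
writable_paths() {
    for p in "$@"; do
        if [ -w "$p" ]; then
            printf '%s\n' "$p"
        fi
    done
}

# Only produce a report when invoked by the web server as a CGI
# (GATEWAY_INTERFACE is set by the CGI environment).
if [ -n "${GATEWAY_INTERFACE:-}" ]; then
    EXPECTED_USER=fooblog        # sub-account from the example session
    EXPECTED_GROUP=users
    MAIN_HOME=/home/mainacct     # placeholder: home of your main account

    printf 'Content-Type: text/plain\r\n\r\n'
    printf 'Running as %s:%s\n' "$(id -un)" "$(id -gn)"
    if privsep_check "$EXPECTED_USER" "$EXPECTED_GROUP"; then
        echo "OK: script runs under $EXPECTED_USER:$EXPECTED_GROUP"
    else
        echo "FAIL: privilege separation is not in effect for this domain"
    fi

    # Locations the sub-account should not be able to modify (assumed paths).
    leaks=$(writable_paths "$MAIN_HOME" "$MAIN_HOME/.ssh" "$MAIN_HOME/www")
    if [ -n "$leaks" ]; then
        echo "WARN: writable outside the sub-account directory:"
        printf '%s\n' "$leaks"
    else
        echo "OK: probed paths outside the sub-account directory are not writable"
    fi
fi
```

Remove the script once the check passes, since it discloses account names and paths to anyone who requests it.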
© 2024 CubeSoft Communications
All Rights Reserved.