Want to subscribe to topics you're interested in?
Become a Member

Web Application Isolation

Discussion in 'Forum Feedback & Suggestions' started by ArisC, Jan 21, 2018.

  1. ArisC

    ArisC Active Member

    125
    30
    28
    Jun 1, 2017
    Ratings:
    +61
    Local Time:
    3:07 PM
    Nginx Latest
    MariaDB Latest
    Hello, It's been 8+ Months using CentMinMod! 0 Freaking Problems with it! Still cant believe how stable and rich is! but I would like to know if is any isolation on every website I Deploy so if one site is vulnerable won't take the whole server down. The reason is because i would like to cut costs as some sites are not using all the resources and host 2 - 3 instead of 1 on 1 server. Thanks

     
  2. eva2000

    eva2000 Administrator Staff Member

    53,247
    12,117
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,655
    Local Time:
    10:07 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    FAQ item 2 covers users accounts you can't lock site accounts down to user level like cpanel/WHM as there is no 100% user isolation between site accounts on Centmin Mod.

    Pure-ftpd virtual ftp users only isolates ftp Pure-FTPD Virtual FTP Users but isn't fully jailed like cpanel/WHM as Centmin Mod is not made or setup for shared hosting like cpanel/WHM but more for usage by trusted user (myself/yourself).

    So the pure-ftpd virtual ftp user can lock that ftp user to the nginx vhost directory but because files are owned by nginx user/group, it wouldn't stop a hacker using php/file based transversal of other nginx vhosts. If you want isolation, setup 1 server for each site your want to host. It's how I usually host my centmin mod sites/subdomain sites i.e. this forum is hosted on separate server from centminmod.com site and separate server from my other subdomain sites for *.centminmod.com subdomains.

    Full chroot/jailed user/site isolation is on the long term to do list but nothing immediate is planned. There's a preview of what isolation may look like here.

    Thanks for the compliments. Centmin Mod is this way as I eat my own dog food and have 160+ servers running Centmin Mod LEMP stack :D