Learn about Centmin Mod LEMP Stack today
Become a Member

Web Application Isolation

Discussion in 'Forum Feedback & Suggestions' started by ArisC, Jan 21, 2018.

  1. ArisC

    ArisC Active Member

    109
    27
    28
    Jun 1, 2017
    Ratings:
    +50
    Local Time:
    3:28 AM
    Nginx 1.13.10
    MariaDB 10.1.32
    Hello, It's been 8+ Months using CentMinMod! 0 Freaking Problems with it! Still cant believe how stable and rich is! but I would like to know if is any isolation on every website I Deploy so if one site is vulnerable won't take the whole server down. The reason is because i would like to cut costs as some sites are not using all the resources and host 2 - 3 instead of 1 on 1 server. Thanks
     
    • Like Like x 1
  2. eva2000

    eva2000 Administrator Staff Member

    35,100
    7,750
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +11,951
    Local Time:
    10:28 AM
    Nginx 1.15.x
    MariaDB 5.5/10.x
    FAQ item 2 covers users accounts you can't lock site accounts down to user level like cpanel/WHM as there is no 100% user isolation between site accounts on Centmin Mod.

    Pure-ftpd virtual ftp users only isolates ftp Pure-FTPD Virtual FTP Users but isn't fully jailed like cpanel/WHM as Centmin Mod is not made or setup for shared hosting like cpanel/WHM but more for usage by trusted user (myself/yourself).

    So the pure-ftpd virtual ftp user can lock that ftp user to the nginx vhost directory but because files are owned by nginx user/group, it wouldn't stop a hacker using php/file based transversal of other nginx vhosts. If you want isolation, setup 1 server for each site your want to host. It's how I usually host my centmin mod sites/subdomain sites i.e. this forum is hosted on separate server from centminmod.com site and separate server from my other subdomain sites for *.centminmod.com subdomains.

    Full chroot/jailed user/site isolation is on the long term to do list but nothing immediate is planned. There's a preview of what isolation may look like here.

    Thanks for the compliments. Centmin Mod is this way as I eat my own dog food and have 160+ servers running Centmin Mod LEMP stack :D
     
..