Join the community today
Register Now

Web Application Isolation

Discussion in 'Forum Feedback & Suggestions' started by ArisC, Jan 21, 2018.

  1. ArisC

    ArisC Active Member

    Jun 1, 2017
    Local Time:
    7:39 AM
    Nginx Latest
    MariaDB Latest
    Hello, It's been 8+ Months using CentMinMod! 0 Freaking Problems with it! Still cant believe how stable and rich is! but I would like to know if is any isolation on every website I Deploy so if one site is vulnerable won't take the whole server down. The reason is because i would like to cut costs as some sites are not using all the resources and host 2 - 3 instead of 1 on 1 server. Thanks

  2. eva2000

    eva2000 Administrator Staff Member

    May 24, 2014
    Brisbane, Australia
    Local Time:
    2:39 PM
    Nginx 1.25.x
    MariaDB 10.x
    FAQ item 2 covers users accounts you can't lock site accounts down to user level like cpanel/WHM as there is no 100% user isolation between site accounts on Centmin Mod.

    Pure-ftpd virtual ftp users only isolates ftp Pure-FTPD Virtual FTP Users but isn't fully jailed like cpanel/WHM as Centmin Mod is not made or setup for shared hosting like cpanel/WHM but more for usage by trusted user (myself/yourself).

    So the pure-ftpd virtual ftp user can lock that ftp user to the nginx vhost directory but because files are owned by nginx user/group, it wouldn't stop a hacker using php/file based transversal of other nginx vhosts. If you want isolation, setup 1 server for each site your want to host. It's how I usually host my centmin mod sites/subdomain sites i.e. this forum is hosted on separate server from site and separate server from my other subdomain sites for * subdomains.

    Full chroot/jailed user/site isolation is on the long term to do list but nothing immediate is planned. There's a preview of what isolation may look like here.

    Thanks for the compliments. Centmin Mod is this way as I eat my own dog food and have 160+ servers running Centmin Mod LEMP stack :D