Running Apache VirtualHost under separate user with mpm-itk

mpm-itk allow you to run Apache VirtualHost under a specific user/group instead of under the Apache user/group. On Debian/Ubuntu Apache web server is run under user www-data. When you host multiple websites under an Apache server, running all sites under the same www-data user allows a hacker to access files of other sites if one of the sites is hacked. Having apache VirtualHost run as it own user give user-level isolation for each of your website. This also avoids permission-related errors due to apache running as a different user than the user you use to upload the files.

mpm-itk is non-threaded, it works file with mod_php. It works very similarly to mod_ruid2, which is removed from the latest Debian due to a security issue.

On Debian/Ubuntu, you can install it with

During the installation, the apache module gets enabled by default, you can enable/disable it with command

To activate mpm-itk, all you need to do is add the following code to the Apache VirtualHost entry of your website.

I normally create a user with the command

Then create a VirtualHost like the following

Add

Enable VirtialHost with

Create website folders

Restart Apache webserver

Back to Apache

Leave a Reply

Your email address will not be published. Required fields are marked *