As explained elsewhere (on 4xtra and HMW‘s websites) we have discovered a need (if that’s the right phrase) to run each of our sites hosting a PHP based system as separate users, not as the default Apache user.
This has involved a lot of searching around on the Internet. Fortunately a lot of the instructions I found are for Ubuntu, which is my target distribution, but I couldn’t find one which worked “out of the box” for Ubuntu 16 as so much has changed from release to release: some steps are now performed automatically, files have been relocated, PHP has been upgraded. All make for subtle differences.
Many of the examples are for Nginx, which I’ve never used and frankly I’m happy with Apache and the extra controls that a .htaccess file gives me: a feature I believe Nginx doesn’t have.
These instructions are for Apache 2.4.18 and Unbuntu 16.04 and I’m assuming that like me you have an existing Apache installation with www-data owning, and PHP 7.0.13 running, your existing websites. It should all work for other close versions too.
Some writers say that the resulting configuration runs faster than the usual arrangements, some say it’s slower. For the size of the sites we are dealing with that’s not the pertinent question – we want to do this for increased security, not speed.
I hope any readers find it useful so here it is
And having spent so much time on this we are now running Ubuntu 19.10 on our servers: and most of my efforts no longer work…
However I have found much simpler solutions for this simple case of just Apache running websites as different users and also the more complicated method which runs different PHP processes for each user.
But beware! I found that trying to do both caused regular segmentation faults every night on the rollover to a new day and crashed Apache, so I had to fixed that too, in an odd sort of way.