2

We've got a few smart developers who work on separate proprietary projects. We use mostly PHP to do ad-hoc analysis and make a bunch of PHP web tools to help us visualize things internally.

The directory structure looks like:

  • /var/www/
    • /anton/
    • /mary/
    • /shared scripts/

Anton should not be able to view Mary's scripts, and vice versa.

I can envision changing the Linux folder permissions so that Anton has read/write/execute access only to his own folder, and cannot even read Mary's folder.

However, in that case, what is to prevent Anton from the following:

  • writing a PHP script in his own folder that runs an 'exec' command to 'cat' the source code from Mary's folder?
  • running the script as www-data, which is the default Apache user and therefore has access to all folders, including Mary's?

Generally, if you want to run multiple proprietary projects on a single server, how would you go about it?

(Please note that I'm not interested in code obfuscation/encryption. Legal remedies are also an option that we already have in place. I'd be very interested in solutions beyond the legal realm though.)

Artjom B.
user3495297
  • Why are they under /var/www then? Anton could log onto localhost/mary and view all the scripts under there. – built1n Apr 03 '14 at 19:42
  • I've seen this asked in various guises on Stack Overflow (e.g. [this question](http://stackoverflow.com/questions/173875/how-do-you-protect-code-from-leaking-outside)) and the answer generally is that you should hire trustworthy developers, and then trust them. Technically, you could just run several servers (which gives a better level of security) but I suspect processes that tell your developers you don't trust them may not help build the long-term relationships you should be aiming for. – halfer Apr 03 '14 at 19:45
  • At my work we don't worry about permissions, but we do have our code separated (more for revision control). What we do, and this would probably work for you, is set up virtual hosting and give each their own sub-domain. Then set the subdomains to point their document roots to different folders and turn on open_basedir. Then set the Linux permissions to prevent access to each other's folder. PHP won't be able to see outside of the document root and they can't use Linux to access each. – Jonathan Kuhn Apr 03 '14 at 19:48

2 Answers

0

Then create a script for every developer: each script, protected by its own login system, will list all files in the developer's folder and will allow editing them with a form, which will modify (with str_replace) relative paths that go outside the developer's folder.

0

A quick search for apache config user per vhost

http://itsol.biz/apache-virtual-hosts-with-different-users-centos-6-2-and-apache-2-2/

Basically, I'd recommend making each user's folder its own Virtual Host, and then using separate users for each vhost. That way the Linux directory security would be effective even for the PHP scripts.

CLo
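
A sketch of the per-vhost-user layout suggested in the answer above, combined with the open_basedir setting from the comments. This is an added example, not taken from the linked article or written by any poster here; it assumes Apache 2.4 with mod_php and the mpm-itk module loaded, and the hostnames and the Unix accounts `anton` and `mary` are hypothetical.

```apache
# Filesystem side, run once as root (shown as comments):
#   chown -R anton:anton /var/www/anton && chmod 750 /var/www/anton
#   chown -R mary:mary   /var/www/mary  && chmod 750 /var/www/mary
# Mode 750 with no shared group means neither developer account, nor
# www-data, can traverse the other's tree.
#
# "/var/www/shared scripts" must be readable by both accounts but
# writable by neither; otherwise one developer could plant code there
# that later executes under the other developer's UID.

<VirtualHost *:80>
    ServerName anton.internal.example
    DocumentRoot "/var/www/anton"

    # mpm-itk: requests for this vhost are handled as anton:anton rather
    # than www-data, so a PHP exec('cat /var/www/mary/...') is refused by
    # the kernel. Deliberately NOT wrapped in <IfModule>: if mpm-itk is
    # missing, Apache should fail to start instead of silently falling
    # back to the shared www-data user.
    AssignUserID anton anton

    # open_basedir limits PHP's own file functions only. It does not
    # constrain commands started through exec(); the UID separation
    # above is what covers that case.
    php_admin_value open_basedir "/var/www/anton/:/var/www/shared scripts/"

    <Directory "/var/www/anton">
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:80>
    ServerName mary.internal.example
    DocumentRoot "/var/www/mary"
    AssignUserID mary mary
    php_admin_value open_basedir "/var/www/mary/:/var/www/shared scripts/"

    <Directory "/var/www/mary">
        Require all granted
    </Directory>
</VirtualHost>
```

After reloading Apache, a quick check is to request a PHP page in each vhost that prints `posix_getpwuid(posix_geteuid())['name']` and confirm it reports the vhost's own account rather than www-data.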