[nycbug-talk] New Webserver

Matt Juszczak matt at atopia.net
Tue Apr 8 00:15:34 EDT 2008

Hi all,

Been sick for a day or so so if my email sounds a bit choppy, sorry!

I'm about to setup (well, ok, I actually did just setup) a new webserver 
for my side ventures.  This server will have managed and self-managed 

In the past, I've never really chrooted and/or jailed processes - I have 
to do it once or twice per customer request, but never on my own boxes as 
a general security policy.  I'm usually really good at keeping boxes 
patched and up to date, etc.  But this box is going to have about 20 
webhosting customers - both managed and un managed.  Some of these users 
will of course be uploading their own content via SFTP or FTP, and for all 
I know the security of their PHP scripts, etc. may be "not so good".

What does everyone here usually do in securing those boxes?  Do you 
usually setup jails/chroots for the webserver processes, etc., or do you 
rely on internal settings in things like php.ini to maintain security for 
your public webservers?



More information about the talk mailing list