The Apache web server is the most popular web server in the world. Apache2 introduced Multi-Processing Modules (MPMs), which changed the basic functionality of the web server by modifying how Apache listens to the network, accepts, and handles requests.
apache2-mpm-itk is an MPM module for the Apache web server that lets you run each of your virtual hosts under a separate uid and gid, i.e. the scripts and configuration files for one virtual host are completely separated from those of the others and therefore no longer have to be readable by all of them.
Here, we assume that you already have a LAMP server configured on your system. All you need to do is configure apache2 with the apache2-mpm-itk module so that you can run Apache virtual hosts as multiple different users. Here we go!
The first step is to install apache2-mpm-itk and enable it in order to use its functionality:

    sudo apt-get install apache2-mpm-itk
    sudo a2enmod mpm_itk

If you face any issue while enabling the module, first disable mpm_prefork and then try to enable mpm_itk again.
Run these commands:

    sudo a2dismod mpm_prefork
    sudo a2enmod mpm_itk

Now, we have to add a few lines to our virtual host configuration file:

    [...]
    <IfModule mpm_itk_module>
        AssignUserId username groupname
    </IfModule>
    [...]

Example scenario: Suppose you have to run two virtual hosts named ‘example1.com’ and ‘example2.com’ as two different users named user1 and user2 respectively. The default configuration file containing the entries for the virtual hosts, i.e. /etc/apache2/sites-available/000-default.conf, should look like this:

    <VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        ServerName example1.com

        ServerAdmin webmaster@localhost
        DocumentRoot /home/user1/public_html/

        <IfModule mpm_itk_module>
            AssignUserId user1 user1
        </IfModule>

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
    </VirtualHost>

    <VirtualHost *:80>
        # The ServerName directive sets the request scheme, hostname and port that
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        ServerName example2.com

        ServerAdmin webmaster@localhost
        DocumentRoot /home/user2/public_html/

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        <IfModule mpm_itk_module>
            AssignUserId user2 user2
        </IfModule>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
    </VirtualHost>

Restart the apache2 service:

    sudo service apache2 restart

You have now enabled the apache2-mpm-itk module, and each of your virtually hosted sites has its own dedicated user.
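To check the configuration described above, the following added example (not part of the original post) audits a vhost file for hosts that lack AssignUserId or reuse another host's user. The names audit_vhosts and sample_conf and the hosts example3.com and example4.com are made up for the illustration.

```shell
# Added example: audit vhost files for mpm-itk isolation gaps.
# Prints "STATUS servername user:group docroot" per <VirtualHost> block.
# NO_USER = no AssignUserId (vhost runs as the server-wide User/Group);
# SHARED  = user already assigned to an earlier vhost, so no separation.
audit_vhosts() {
    awk '
        { d = tolower($1) }              # directive names are case-insensitive
        d ~ /^#/              { next }
        d ~ /^<virtualhost/   { inv = 1; name = "(unnamed)"; ug = user = ""; root = "-"; next }
        !inv                  { next }
        d == "servername"     { name = $2 }
        d == "documentroot"   { root = $2 }
        d == "assignuserid"   { user = $2; ug = $2 ":" $3 }
        d ~ /^<\/virtualhost/ {
            if (ug == "")          { status = "NO_USER" }
            else if (user in seen) { status = "SHARED" }
            else                   { status = "OK"; seen[user] = 1 }
            print status, name, (ug == "" ? "-" : ug), root
            inv = 0
        }
    ' "$@"
}

# Constructed sample: example1.com follows the page; example3.com and
# example4.com are hypothetical hosts that show the two failure cases.
sample_conf() {
    cat <<'EOF'
<VirtualHost *:80>
    ServerName example1.com
    DocumentRoot /home/user1/public_html/
    <IfModule mpm_itk_module>
        AssignUserId user1 user1
    </IfModule>
</VirtualHost>
<VirtualHost *:80>
    ServerName example3.com
    DocumentRoot /home/user3/public_html/
</VirtualHost>
<VirtualHost *:80>
    ServerName example4.com
    DocumentRoot /home/user4/public_html/
    AssignUserId user1 user1
</VirtualHost>
EOF
}

sample_conf | audit_vhosts
```

Run it against the real file with `audit_vhosts /etc/apache2/sites-available/000-default.conf`. Because AssignUserId sits inside `<IfModule mpm_itk_module>`, a host reported OK still runs as the default user when the module is not loaded; `apache2ctl -M` lists the loaded modules.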