Hi,
I run WP hosting services, mostly on nginx.
I have things set up so that the Unix owner of the files (eg shoeshop) is different from the PHP execution user (eg shoeshop-www)
This so that when a hole opens up in Wordpress or a plugin, the miscreants who exploit the hole can't rewrite the core files and files in the docroot etc.
wp-content/uploads can be written to by the PHP user.
There is no easy way to set this up in OpenLitespeed. ExtApp Set UID Mode = DocRoot UID is almost there, but not quite.
My suggestion is that an additional mode is available "DocRoot GID->UID"
The idea is that you would getpwnam(getgrnam(docroot)) (ignoring the struct manipulation for the moment)
Get the group of the docroot and get the user with the same name, and set uid and gid accordingly.
Thus, in my example /vhosts/shoeshop.com.au/html would be owned by shoeshop:shoeshop-www and PHP would execute as shoeshop-www:shoeshop-www
This would be a much more secure way of running any PHP website.
Danny
I run WP hosting services, mostly on nginx.
I have things set up so that the Unix owner of the files (eg shoeshop) is different from the PHP execution user (eg shoeshop-www)
This so that when a hole opens up in Wordpress or a plugin, the miscreants who exploit the hole can't rewrite the core files and files in the docroot etc.
wp-content/uploads can be written to by the PHP user.
There is no easy way to set this up in OpenLitespeed. ExtApp Set UID Mode = DocRoot UID is almost there, but not quite.
My suggestion is that an additional mode is available "DocRoot GID->UID"
The idea is that you would getpwnam(getgrnam(docroot)) (ignoring the struct manipulation for the moment)
Get the group of the docroot and get the user with the same name, and set uid and gid accordingly.
Thus, in my example /vhosts/shoeshop.com.au/html would be owned by shoeshop:shoeshop-www and PHP would execute as shoeshop-www:shoeshop-www
This would be a much more secure way of running any PHP website.
Danny