Using Passenger when providing shared-hosting
There are special considerations that must be made when designing a multi-tenant shared hosting system.
This guide assumes that you are already familiar with installing and using Passenger, and serves as a prompt to consider issues particular to shared hosting.
The information in this section applies equally to the open source version and to the Enterprise version.
Conceptual overview
The main concerns to consider when setting up a shared hosting environment are as follows:
- Which configuration options allow customers to elevate privileges.
- Which configuration options will be provided to customers.
Step 1: Review the configuration options for Apache:
Some options, such as (but not limited to) PassengerUserSwitching, allow a user to control which system user their app process runs as. Such options can be used to elevate privileges fairly trivially, or to interfere with other customers' processes. It is therefore necessary to evaluate every configuration option provided by Passenger and decide whether it is safe to let customers control it.
Step 2: Limit customer configuration to safe options:
We highly recommend using AllowOverrideList, or something similar, to whitelist the configuration options that a user can set.
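The whitelist approach from Step 2, as an added example that is not taken from the Passenger documentation. The directory path is hypothetical and the two Passenger directives on the list are a placeholder selection, not a statement that they are safe for your environment.

```apache
# Added illustration. The path and the directive selection are assumptions.

# Before (weak): every directive that is valid in .htaccess, including any
# Passenger option with .htaccess context, is under customer control.
#
#   <Directory "/var/www/customers">
#       AllowOverride All
#   </Directory>

# After (restricted): switch off the broad override classes, then name the
# only directives customers may place in their .htaccess files.
# AllowOverrideList requires Apache 2.4.7 or later.
<Directory "/var/www/customers">
    AllowOverride None

    # Placeholder selection: replace with the options that passed the
    # Step 1 review for your setup.
    AllowOverrideList PassengerAppEnv PassengerEnabled
</Directory>
```

With this in place, a customer .htaccess that uses a directive outside the list is rejected by Apache with an internal server error instead of being applied. Re-run the Step 1 review after each Passenger upgrade, since new options do not reach customers until you add them to the list.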