Learning By Doing

Configure Different User Per Virtual Host on Nginx

For security reasons, you shouldn’t run all your NGINX virtual hosts with the same user. If you run all your websites with the same user ( www-data or nginx ), a PHP call to " system() / passthru() / exec() " will have access to all websites! Nginx will not protect you against this. PHP is just an example, but any popular web-server language has similar calls. As a hacker, you can “ls ..” to navigate through all websites and “cp / echo / mv ” to write your own code in any fi...

Tito Santana