Permissions for each website run under different users (suexec, lsphp...)

Is there a tutorial for doing that? As far as I can see, the system currently uses a single user for all websites: sslipse

[root@vddos public_html]# ls -lah
total 24K
drwxr-xr-x 3 sslipse sslipse 4.0K Mar 22 06:44 .
drwxr-xr-x 4 sslipse sslipse 4.0K Mar 22 04:13 ..
drwxr-xr-x 2 sslipse sslipse 4.0K Mar 22 04:13 .well-known
-rwxr--r-- 1 sslipse sslipse  725 Mar 22 04:14 index.html
-rw-r--r-- 1 sslipse sslipse   20 May  8  2014 info.php
-rw-r--r-- 1 sslipse sslipse  144 May 17  2016 who.php

For example, one website would run with user1's privileges and another with user2's privileges.

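This is to limit local attacks: when every site runs as the same user, a compromise of one site exposes the files of all the others.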

You are inside the public_html of a single website (all child domains under it will use this user).

However, each website runs as its own user; to check this, you need to run:

ls -la /home

  1. Add a USER: user1
  2. Add WEBSITE for user1:
  3. Check Permission /home:
[root@vddos ~]# ls -lah /home/
total 28K
drwxr-xr-x  7 root       root       4.0K Mar 22 07:15 .
dr-xr-xr-x 20 root       root       4.0K Mar 22 04:40 ..
drwx------  2 cyberpanel cyberpanel 4.0K Mar 22 06:42 cyberpanel
drwxr-xr-x  4 sslipse    sslipse    4.0K Mar 22 04:13
drwxr-xr-x  4 sslipse    sslipse    4.0K Mar 22 04:53
drwxr-xr-x  4 sslipse    sslipse    4.0K Mar 22 07:15
drwx------  2 vmail      vmail      4.0K Mar 22 04:02 vmail
  1. Check vHost Conf of WEBSITE
docRoot                   $VH_ROOT/public_html
vhDomain                  $VH_NAME
vhAliases                 www.$VH_NAME
enableGzip                1
enableIpGeo               1

index  {
  useServer               0
  indexFiles              index.php, index.html

errorlog $VH_ROOT/logs/$VH_NAME.error_log {
  useServer               0
  logLevel                ERROR
  rollingSize             10M

accesslog $VH_ROOT/logs/$VH_NAME.access_log {
  useServer               0
  logFormat               "%v %h %l %u %t "%r" %>s %b"
  logHeaders              5
  rollingSize             10M
  keepDays                10  compressArchive         1

scripthandler  {
  add                     lsapi:sslipse php

extprocessor sslipse {
  type                    lsapi
  address                 UDS://tmp/lshttpd/sslipse.sock
  maxConns                10
  env                     LSAPI_CHILDREN=10
  initTimeout             60
  retryTimeout            0
  persistConn             1
  pcKeepAliveTimeout      1
  respBuffer              0
  autoStart               1
  path                    /usr/local/lsws/lsphp72/bin/lsphp
  extUser                 sslipse
  extGroup                 sslipse
  memSoftLimit            2047M
  memHardLimit            2047M
  procSoftLimit           400
  procHardLimit           500
context /.filemanager {
  type                    NULL
  location                /usr/local/lsws/Example/html/FileManager
  allowBrowse             1
  autoIndex               1

  accessControl  {
    allow       , localhost
  addDefaultCharset       off

vhssl  {
  keyFile                 /usr/local/lsws/conf/vhosts/
  certFile                /usr/local/lsws/conf/vhosts/
  certChain               1
  sslProtocol             31

  1. Check passwd
[root@vddos ~]# cat /etc/passwd
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
systemd-bus-proxy:x:999:998:systemd Bus Proxy:/:/sbin/nologin
systemd-network:x:998:997:systemd Network Management:/:/sbin/nologin
dbus:x:81:81:System message bus:/:/sbin/nologin
saslauth:x:997:76:Saslauthd user:/run/saslauthd:/sbin/nologin
rpc:x:32:32:Rpcbind Daemon:/var/lib/rpcbind:/sbin/nologin
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
nscd:x:28:28:NSCD Daemon:/:/sbin/nologin
mysql:x:995:994:MySQL server:/var/lib/mysql:/sbin/nologin
ftpuser:x:2001:2001:"pureftpd user":/bin/null:/bin/false
pdns:x:994:993:PowerDNS user:/:/sbin/nologin
dovecot:x:97:97:Dovecot IMAP server:/usr/libexec/dovecot:/sbin/nologin
dovenull:x:993:992:Dovecot's unauthorized user:/usr/libexec/dovecot:/sbin/nologin

It seems that no matter how many users or domains I add, their permissions all end up under the user sslipse.

I understand your point. The problem is that the PHPSuExec user is derived from the domain name.

Your domain names here are the same apart from the number, and numbers are excluded, which is why you are getting the same user every time.

Try with something like:

Everything worked, thank you!

But it seems that CyberPanel users will still have trouble with different subdomains, for example in plans for CDN or static-file servers. In the listing below, two sites again share one user (cdnclou):

[root@vddos ~]# ls -lah /home/
total 44K
drwxr-xr-x 11 root       root       4.0K Mar 22 07:41 .
dr-xr-xr-x 20 root       root       4.0K Mar 22 04:40 ..
drwxr-xr-x  4 cdnclou    cdnclou    4.0K Mar 22 07:40
drwxr-xr-x  4 cdnclou    cdnclou    4.0K Mar 22 07:41
drwx------  2 cyberpanel cyberpanel 4.0K Mar 22 07:34 cyberpanel
drwx------  2 vmail      vmail      4.0K Mar 22 04:02 vmail
drwxr-xr-x  4 voduyco    voduyco    4.0K Mar 22 07:31

I will add some random characters to the PHPSuExec user name, which should rectify this.