Lithorien
Good morning - I've been hunting around to see if there's a way to do this that I'm missing and so far haven't found anything.
I operate a small managed hosting service where I use a single instance of Abyss that reads from /home/<user>/www/domain.tld/* for each domain that a client has hosted by me. Now normally this would not be an issue, say, for static pages because I could make the /home/<user>/www/* world-readable without it being too much of a security concern (only Abyss would be able to actually take advantage of that).
However.
I also offer private cloud services, through things like NextCloud. This requires writes to the directory, not just reads. Right now I have each one of those owned by www-data so that Abyss can read and write to each instance, but this is a major security problem AND locks the actual users out from being able to edit the configurations via SSH, AND it means that I can't assign user quotas since all the private clouds are owned by the same user (www-data).
What I'm looking to do is to be able to make Abyss function as a different OS user per domain. So in one case it might be operating as user1 at /home/user1/www/*, but then as user2 at /home/user2/www/*.
Is this possible with Abyss Web Server? I do have X2 so that's not an issue here.
Thank you!
admin
Lithorien,
For maximum security, we suggest isolating your users and their applications (including a copy of X1 serving a single site) inside containers.
The host system will have X2 with a bunch of virtual hosts each acting as a reverse-proxy for the "containerised" X1 of each of your customers.
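A check that fits the setup discussed in this thread, added here as an example and not taken from the original posts or from Abyss itself: once each customer's tree is owned by that customer again, it reports anything under `/home/<user>/www` still owned by another account (such as `www-data`) or left world-writable. The `/home/<user>/www` layout comes from the question; the function names and the sample files are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_tree(root, expected_uid):
    """Return sorted (relative_path, problem) pairs for entries under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
            rel = os.path.relpath(path, root)
            if st.st_uid != expected_uid:
                findings.append((rel, "owner uid %d, expected %d" % (st.st_uid, expected_uid)))
            if not stat.S_ISLNK(st.st_mode) and st.st_mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
    return sorted(findings)


def audit_homes(home_base="/home", subdir="www"):
    """Audit every <home_base>/<user>/<subdir> against the owner of the home directory."""
    report = {}
    for entry in sorted(os.listdir(home_base)):
        home = os.path.join(home_base, entry)
        web = os.path.join(home, subdir)
        if os.path.isdir(web):
            report[entry] = audit_tree(web, os.stat(home).st_uid)
    return report


def demo():
    """Constructed sample layout: one tenant with a world-writable config file."""
    base = tempfile.mkdtemp()
    site = os.path.join(base, "user1", "www", "domain.tld")
    os.makedirs(site, mode=0o755)
    for name, mode in (("index.html", 0o644), ("config.php", 0o666)):
        path = os.path.join(site, name)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
    return audit_homes(base)


if __name__ == "__main__":
    for user, findings in demo().items():
        for rel, problem in findings:
            print(user, rel, problem)
```

On a real host, call `audit_homes()` with its defaults as root so every tenant's tree is readable; an empty list for a user means the whole tree belongs to them and nothing is world-writable.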