#StackBounty: #php #apache-2.4 #virtualhost #shared-hosting How did shared hosting providers ensure user isolation before containerizat…

Bounty: 50

Around 2000-2010, shared hosting was extremely popular as a cheap solution (sometimes a few $ / month, or sometimes even free for just a few MB) for people starting blogs, small websites, e.g. using WordPress.

There was usually:

  • just Apache + PHP + MySQL
  • no SSH, only (s)FTP access
  • something like 100 MB
  • as far as I remember, they probably didn’t create a new virtual machine for each account

Question: before containerization / Docker went popular, how did major shared hosting providers ensure user isolation?

Did they just used ChrootDirectory in sshd_config + different users like in How to create an isolated/jailed SFTP user?
+ <VirtualHost> config with open_basedir to prevent PHP code to access other accounts’ files?

More generally, what were the main isolation techniques, preventing user1234 to access user5678‘s files on the same server with some malicious PHP code?


Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.