Around 2000-2010, shared hosting was extremely popular as a cheap solution (sometimes a few $ / month, or sometimes even free for just a few MB) for people starting blogs, small websites, e.g. using WordPress.
There was usually:
- just Apache + PHP + MySQL
- no SSH, only (s)FTP access
- something like 100 MB
- as far as I remember, they probably didn’t create a new virtual machine for each account
Question: before containerization / Docker went popular, how did major shared hosting providers ensure user isolation?
Did they just used
ChrootDirectory in sshd_config + different users like in How to create an isolated/jailed SFTP user?
<VirtualHost> config with
open_basedir to prevent PHP code to access other accounts’ files?
More generally, what were the main isolation techniques, preventing
user1234 to access
user5678‘s files on the same server with some malicious PHP code?