Correctly setup apache virtual hosts with multiple users

Solution 1:

Since question is the top search result in google when asked "apache virtual host separate user", I'd like to give a more elaborate answer based on this answer. My answer does not cover the usecase of PHP and CGI (you would use suPHP). It focuses on PHP when used as an apache module.

You can use the apache module apache2-mpm-itk. It is available for the current version of apache 2.4. It comes with the directive AssignUserID. This directive defines the user and group a virtual host's request is handled with. This is an example of the apache site configuration I ended up with:

<VirtualHost *:80>
ServerName www.site1.com
DocumentRoot /home/www/site1.com
AssignUserID site1 www-data
php_admin_value open_basedir /home/www/site1.com
...
</VirtualHost>

Of course, this does only improve security as long as the individual DocumentRoots are owned by their respective users and are not group accesible. For further PHP-related security, scripts are jailed in the DocumentRoot with the open_basedir restriction. As for the backend file access, I prefer SFTP with chroot.

Note: apache2-mpm-itk is currently incompatible with Apache's http2 module.

Solution 2:

I don't consider this is an answer to your question myself. But since I can't comment yet, I have to write in the "answer" area. I seasonally do web management, one way for me to test and try things out in a safe way is to setup a test environment in a virtual machine (i.e. VirtualBox) or an "old" desktop computer. One of the very common problem of newbie web host admins is to understand how web server programs work. In this case I assume you need to understand how Apache works and at least understand the configuration files. I find that Webmin is a very helpful tool - for a newbie - to manage Apache and other services. You have to spend some time to try things out in you test environment so things will become clearer for you.

Coming back your question, I think the answer can well be a tutorial article or a small book. Check out these articles for a start:

https://www.digitalocean.com/community/articles/how-to-set-up-apache-virtual-hosts-on-ubuntu-12-04-lts

http://www.servermom.org/build-ubuntu-server-a-complete-guide/