virtual host security with user scripts (cgi, php, etc)

How can i secure my virtual hosts accounts. Some users run their own cgi/php script. I have suexec enabled.

But, what if some of this scripts has an exploit. Whats the most damage an insecure script could do the whole server or other clients?

I think that if the scripts run with the user permissions via suexec the damage of a buggy script will only affect that users files. Am i right?

Or could a buggy script with the user permissions lead to a root exploit even though its running with suexec?

How about chroot each virtual account? I thinkg this could minimize the risk, but havent tried that. And maybe its not posible with some confs, im using cpanel/whm.

Regards!

 

 

 

 

Top