I have a Centos6 64-bit server, Apache/2.2.15, PHP5.3.3, one IP and four name-based virtual hosts and SSL/SNI to provide https in addition to http. All those hosts are assigned to different linux users. I have root access to server and all those users are my own and other people have no shell access to the server. Server uses suPHP and SuExec to run cgi-processes as those users instead of apache user.
Now I realized that suPHP is very slow when compared to mod_php. Initially I ended up to suPHP, because previously those all 4 accounts were on different shared servers and it was rather easy to transfer them to one server and maintain those linux users.
But because the server is my own, I think that I have no need for suPHP and I'm considering movement to use only DSO (mod_php).
I'm considering the following workflow:
1) Changing Apache user to one of my linux users eg. user1.
2) Changing ownership of other user's files to user1. Every user has own document root (public_html) in /home/user1, /home/user2 etc.
3) Because some processes consume too much resources and are needed to run command line, all users have distinct passwordless access to this server (shell_exec("ssh user1@localhost 'someprogam'")
, shell_exec("ssh user2@localhost 'someprogram'")
etc). After this transfer only apache user (ie user1) needs this like ssh access to localhost, so other ssh-things can be removed. Tip! This is by the way nice way to override php resource restrictions on a shared (or any other) server. Usually you ssh to remote server, but why not also to local server. Especially useful when mogrifying large images. This technique is based on the fact that via ssh the program is run as a shell program (versus CGI) and shell has not so much memory and execution time restrictions.
After these steps apache user (ie. user1) will have rwx access to /home and all below it.
Is this workflow OK? I assume that there is no security risks (outside or inside) because all users and sites on the server are my own and I cannot find any reason why DSO (mod_php) in this case would be more insecure than suPHP.
This transfer requires changing tens of lines of code, but I assume that the speedup is so huge that the process is meaningful.