Secure VPS and LAMP configuration

September 4, 2014 1.6k views


I need to set up a new Ubuntu server for hosting multiple websites. Which steps should I follow for maximum security and performance?


  • How can I configure Apache, so that each users won't be able to access each other's files?
  • And every virtual host runs with a separate user?
4 Answers

This can be done with a combination of Apache's mod_userdir and SFTP chroots. To limit an SFTP user to their home directory, you can edit /etc/ssh/sshd_config to include:

Match User username
    ChrootDirectory %h
    AllowTCPForwarding no
    X11Forwarding no
    ForceCommand internal-sftp

Then enable mod_userdir with:

sudo a2enmod userdir
sudo service apache2 restart

Now files in /home/username/public_html will be available at:


hi @asb,

that's not what I want. I will set up a Virtual host for each client with custom domain name.

If Apache process runs as one single user, like www-data or apache, clients can read each other's files.

Should I run an Apache process by a separate user for each client? Or should I use chroot jailing for Apache?

I would save myself some trouble and install cpanel/whm. Yes is an extra cost but it will solve those problems for you.

@aguilar1181, thanks but it's not an option now. I need to do it myself and I'm looking for helpful advices

Have another answer? Share your knowledge.