Could i have some help with this...https://wordpress.stackexchange.com/q/189554/51444 In setting up a google cloud compute server for shared webhosting, does the stack exchange thread meam the default php user should not be apache? What are the normal ispconfig methods for resolving this potential issue with servers containing Wordpress (for example) websites in shared hosting? Should i be altering my default ispconfig setup?
Yes. Every website has it's own user. In ISPConfig Panel, the website should have the Suexec box on. No.
Ok so i get that each wesite has its own user, however this stack exchange thread talks about the php apache user...the webserver itself. Doesnt that mean that by default the webserver apache user is by nature itself a fundamental flaw with this particular scenario in php driven websites like wordpress cms? I think i need to review my usual server file permissions ...im doing this from mobile phone without using any filemanager reference...probably unhelpful for my thinking process. I cant remeber who i have setup as the owner in wordpress installations...which leads me to another question...would thr wordpress user being part of the apache group still be an issue in relation to the stack exchange thread or does that provide a level of disconnectedness?(not saying my wordpress user is or isnt part of that group...just a running thought) Am i understanding correctly the issue may become a problem depending on the upload method used...ie ftp vs webserver/wordpress directly?
https://httpd.apache.org/docs/2.4/mod/mod_suexec.html Each website runs apache as a user specified fo that website.
