This documentation website doesn’t support Internet Explorer. Please visit our old documentation to find what you’re looking for.
Using Passenger when providing shared-hosting
Relevant selection for this article:
There are special considerations that must be made when designing a multi-tenant shared hosting system.
This guide assumes that you are already familiar with installing and using Passenger. And serves as a prompt to consider issues particular to shared hosting.
The information in this section applies equally to the open source version and to the Enterprise version.
Table of contents
The main concerns to consider when setting up a shared hosting environment are as follows:
- Which configuration options allow customers to elevate privileges.
- Which configuration options will be provided to customers.
Step 1: Review the configuration options for Passenger Standalone:
Some options such as (but not limited to) –user allow a user to control what system user their app process runs as, and as such can be used to elevate privileges fairly trivially, or to interfere with other customers' processes. Therefore it is necessary to evaluate all of the configuration options provided by Passenger and whether they are safe to allow customers to control.