Restrict LSPHP to certain paths
We handle a couple of sites every week where the user had an old installation of Wordpress, hidden on a subdomain on a separate folder. Which leads to the whole account being removed/hacked etc. This is quite bothersome as well because there is a lot of sensitive stuff in the users homedir, just as an example, the /ssl folder or /mail.
We had an idea, where maybe we could through .htaccess/.user.ini control which folders lsphp could access, to go even further, maybe even split read/write, in good cases the users actually know what they are doing and they update the site through ssh, and only allow volatile material through update folders.
Have you thought about such a control, is it feasible?
An easy fix would be to add an .htpasswd to the old folder, block access to it except on specific IPs on .htaccess, or simply ask the customer to delete the folder altogether, or be ready to restore their website each and every day.
It's not a good idea to keep an old websites online and unsupervised, think of them as a toddler, they seem harmful until some hacker teaches them how to use scissors.
AdminIgor Seletskiy (CEO, Cloud Linux) commented
Due to the way linux work, this cannot be done the way it is explained.
Chrooting / jailing a process will make it unable to load shared libraries / etc...
And there is no difference in how it processes access shared libraries, vs how they read arbitrary files.