I currently have a web server which is running NginX 1.0.15 on Arch Linux with the following libraries: PHP-FPM, Python, Perl, and Ruby. With all these libraries, I kinda need to lock down my server. Before, I didn't have to worry about other users creating scripts or anything else, but recently I've need to open up the server to my clients.
My issues is how do I secure each virtual host folder so that if a script is created within one virtual host, it cannot access other virtual host folders. With PHP-FPM there are ways to get around it, one way is to create separate processes for each virtual host, but that's just PHP and that's a solution which I would like to only use if I have to.
I've asked this question on reddit and stack overflow and I haven't gotten the answer to my question.
On reddit, http://www.reddit.com/r/linuxadmin/comments/t045c/securing_virtual_hosts/, I went into detail about my issue, so please do read the post to get more background about my issue.
On stack overflow, http://stackoverflow.com/questions/10391600/is-there-anything-that-can-mimic-the-apache-modules-mod-suexec-behavior-with-ng, I asked if there is something that mimic's the apache module Mod_suexec for NginX, didn't really get a response I was hoping for.