On 5/17/06, Aaron Axelsen <lists@xxxxxxxxxxxx> wrote:
A while ago, I remember reading an article, or seeing a website which discusses the possibilities of modifying the apache 2 source code to allow different virtual hosts to execute as different system users. Basically, the final goal is to bypass the need to use suexec or suphp by just having apache run as the given user for a virtual host. In theory, this sounds possible. Has anyone else investigated this? Or does anyone know of any web resources for this?
In theory it sounds easy, until you start to really think about how unix handles permissions. In practice, it is close to impossible. The solutions that have been tried are all about 1) proxying requests between different pools of processes/threads that are setup under different userids; or 2) letting each apache process serve only one request before dying; or 3) running apache request processing as root. None of these solutions has really worked out. You can try googling for the metux mpm and the perchild mpm. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|