Am Donnerstag, 22. Juni 2006 22:56 schrieb Rainer Sokoll: > On Thu, Jun 22, 2006 at 10:26:45PM +0200, Florian Lindner wrote: > > Hello, > > is it possible to assign each vhost a own process (or a process pool) > > with a distinct user? So that a apache process can not abused (with PHP > > for example) for accessing other users data? > > I don't think so. > > > If not, why not? > > ------8<------ > ~ >man fork > [...] > NAME > fork, fork1, forkall - create a new process > [...] > DESCRIPTION > The fork(), fork1(), and forkall() functions create a new > process. The address space of the new process (child pro- > cess) is an exact copy of the address space of the calling > process (parent process). The child process inherits the > following attributes from the parent process: > > o real user ID, real group ID, effective user ID, effec- > tive group ID > ------8<------ That is not an explanation. Since the apache process is lunched as root (so it can bind port 80 e.g.) it can fork different processes and change the uid/gid of these processes. Florian --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|