Re: [users@httpd] Different users for different vhosts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am Donnerstag, 22. Juni 2006 22:56 schrieb Rainer Sokoll:
> On Thu, Jun 22, 2006 at 10:26:45PM +0200, Florian Lindner wrote:
> > Hello,
> > is it possible to assign each vhost a own process (or a process pool)
> > with a distinct user? So that a apache process can not abused (with PHP
> > for example) for accessing other users data?
>
> I don't think so.
>
> > If not, why not?
>
> ------8<------
> ~ >man fork
> [...]
> NAME
>      fork, fork1, forkall - create a new process
> [...]
> DESCRIPTION
>      The fork(), fork1(), and forkall() functions  create  a  new
>      process.  The  address  space of the new process (child pro-
>      cess) is an exact copy of the address space of  the  calling
>      process  (parent  process).  The  child process inherits the
>      following attributes from the parent process:
>
>        o  real user ID, real group ID, effective user ID,  effec-
>           tive group ID
> ------8<------


That is not an explanation. Since the apache process is lunched as root (so it 
can bind port 80 e.g.) it can fork different processes and change the uid/gid 
of these processes.

Florian

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux