Re: [users@httpd] suicidal suexec question.

On 8/29/06, Gary W. Smith <gary@xxxxxxxxxxxxxxx> wrote:
> Joshua,
>
> Let me pass this pseudo logic by you.
>
> * Create a dedicated user (say suapache:suapache/no shell/no homedir).
> * Add that user to the sudo privileges file (with access to the dedicated
> list of apps they can execute with nopass set and only localhost as
> access).
> * Create another instance of Apache running on a different port running
> with the new user (suapache) on 127.0.0.1.
>
> From reading the sudoers sample page this seems to fit what I want to
> do.  Does this logic seem appropriate?
>
> My next question is about the Apache instance.  I can do one of two
> things: create a completely separate instance of Apache from source or
> use the existing runtime with a separate configuration file.  I am
> familiar with the first (as we have run two separate instances before)
> but I don't have any experience running two instances with distinct
> configuration files.
>
> Which would you suggest?

Sounds fine to me.  I'd probably go with a separate install, just so
that you can strip the second apache down to the absolute minimum
modules.  (You could do the same with one install if you use
dynamically-loaded modules, but it is a little less clean.)

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
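
An added example, not part of the thread and not Apache or sudo project code: a small Python check for the setup outlined above, confirming that the dedicated user's sudoers rule grants only explicit absolute command paths and that the second instance listens only on 127.0.0.1 and runs as that user. The sample files, port 8081 and the command paths are constructed placeholders, and the parser handles only the simple rule forms shown.

```python
import re

# Constructed samples (not from the thread); paths, port and command names are placeholders.
SUDOERS = """\
Cmnd_Alias SUAPACHE_CMDS = /usr/local/sbin/example-task-a, /usr/local/sbin/example-task-b
suapache localhost = (root) NOPASSWD: SUAPACHE_CMDS
"""
HTTPD_CONF = """\
Listen 127.0.0.1:8081
User suapache
Group suapache
"""
RULE = re.compile(r"^(\S+)\s+(\S+)\s*=\s*(?:\([^)]*\)\s*)?(?:(?:NOPASSWD|PASSWD):\s*)?(.+)$")

def audit_sudoers(text, user):
    """Findings for `user`: every granted command must be an explicit absolute path."""
    aliases, findings, matched = {}, [], False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("Cmnd_Alias"):
            name, cmds = line[len("Cmnd_Alias"):].split("=", 1)
            aliases[name.strip()] = [c.strip() for c in cmds.split(",")]
            continue
        m = RULE.match(line)
        if not m or m.group(1) != user:
            continue
        matched = True
        for item in (c.strip() for c in m.group(3).split(",")):
            for cmd in aliases.get(item, [item]):  # expand a Cmnd_Alias if one is named
                if cmd == "ALL" or not cmd.startswith("/") or "*" in cmd:
                    findings.append(f"sudoers: '{cmd}' is not an explicit absolute path")
    return findings if matched else [f"sudoers: no rule found for {user}"]

def audit_httpd(text, user):
    """Findings when the instance is not loopback-only or not running as `user`."""
    findings, run_as = [], None
    for parts in (l.split() for l in text.splitlines()):
        if len(parts) < 2:
            continue
        if parts[0].lower() == "listen" and not parts[1].startswith("127.0.0.1:"):
            findings.append(f"httpd: Listen {parts[1]} is not bound to 127.0.0.1")
        elif parts[0].lower() == "user":
            run_as = parts[1]
    if run_as != user:
        findings.append(f"httpd: User is {run_as}, expected {user}")
    return findings

if __name__ == "__main__":
    for finding in audit_sudoers(SUDOERS, "suapache") + audit_httpd(HTTPD_CONF, "suapache"):
        print(finding)
```

In sudoers the host field is matched against the machine's own host name, so `localhost` there matches only where that is the actual host name; the loopback-only restriction on the web side comes from the `Listen` address.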


