httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lynn Winebarger <l...@freespeech.org>
Subject Questions regarding viability of development plan
Date Sun, 17 Sep 2000 22:28:37 GMT

   Sorry to butt into the list like this, but there wasn't a list faq or
searchable archives for recent postings.
   The non-profit free ISP I'm working for wants to expand its paying
customer base, and I'd like to be able to offer scripting services (I just
got them moved over to a Linux system from NT).  Unfortunately, Apache
only supports a single UID per server configuration.  As far as I can
tell, I have basically 4 options:
1) let them all run on the same server with the same UID, possibly munging
everyone else's files (unacceptable)
2) run a bunch of different servers, one for each vhost with scripting,
each using a different port (doable, but seems like it would waste
considerable resources in terms of duplicating processes
[unnecessarily]).
3) set up suexec (say goodbye to mod_php and/or mod_perl)
4) hack away at Apache to enable per virtual host user ids internally
(requiring all process to either run as root with all attendant deadly
hazards, or force processes to only deal with single vhost requests)
[(5) Wait for Apache 2.0 to become stable?]

   Given my inclination for tilting at windmills, (4) seems like the most
desirable choice, with each process switching to the appropriate uid/gid
for each request.  While I know this can't be easy (else it would have
been done already), it would seem that the current constraint of having a 
single user id would make it possible to do at a high enough level in the
request processing stage to be transparent (the idea being no request
actually gets processed as the root user, some other UID/GID is always
assumed before starting processing).
    The other thing I need (to implement) is a mass virtual hosting system
that determines capabilities for the virtual host nearly on the fly (or
least can be updated within some reasonably bounded amount of time by
staff without my direct intervention - I don't know how long I'll be
working here, and they need a simple process for updating members'
accounts).  Maybe someone could explain (or point me to an explanation) of 
why file descriptors are needed on a per-virtual host basis (with vhosts
in the config file, at least).
    I wouldn't be the only (or necessarily even main) person working on
this.  At this point, I need to determine whether it's even a viable
course of action, and where there be dragons if we do decide to pursue it.
So, please, disabuse me of my misconceptions.

Lynn




Mime
View raw message