httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Johannes Erdfelt <johan...@erdfelt.com>
Subject Re: trouble w/ perchild MPM
Date Wed, 27 Nov 2002 01:18:06 GMT
On Wed, Nov 27, 2002, James Ponder <james@squish.net> wrote:
> On Tue, Nov 26, 2002 at 07:44:34PM -0500, Johannes Erdfelt wrote:
> > This can include shared (sometimes requiring connections to be passed)
> > and non shared (always answered by the child) sockets.
> > 
> > I don't particularly see the non shared case as a concern. The shared
> > case can be a problem.
> > 
> > If either are a problem, I suspect that perchild is not the MPM you want
> > to use.
> 
> Perhaps perchild can be improved further to have a set of listener
> processes/threads, under the generic apache user id or another secured id,
> which accepts connections but does not process them.  These threads then
> pass the connections on to the correct user-owned child id via the named
> sockets, allowing these child users to have no listening sockets at all
> (except the unix domain socket).

It would need to be a process. Mixing uid's among threads is not
portable.

Switching to a model like is possible, but I'm willing to be that
passing fd's is not cheap and would just create overhead.

Do you want to do this for security reasons?

JE


Mime
View raw message