httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: Please include mpm-itk into upsteam.
Date Thu, 17 Nov 2005 14:52:46 GMT


Corentin CHARY wrote:
> Hi,
> I needed a simple way to user different Uid/Gid for my vhost, without cgi, and 
> with a not-threaded mpm (php is not realy threadsafe ...).
> I discover mpm-itk (based on mpm-prefork) 
> http://home.samfundet.no/~sesse/mpm-itk/ and mpm-peruser (based on mpm-metux) 
> http://www.telana.com/peruser.php .

> I think this mpm should be inclued into upstream, because a lot of people need 
> a mpm like this (to host multiple vhost with php).
> 

I'm almost the furthest thing from an expert on this subject that you'll 
find on this list, but...  These modules aren't going to be included in 
the base distribution any time soon.  Peruser seems to share many of the 
problems of metux/perchild, although perhaps this will improve with 
time.  mpm-itk processes requests as root, which is a major security 
problem.  It is also unclear to me how mpm-itk handles multiple 
connections.  Either it is serving only one request and then killing the 
process, or it is keeping the ability to suid, meaning that it is 
effectively always running as root.

One way I'd like to see to solve this obviously-frequently-mentioned 
problem is to simply automate the configuration process for setting up a 
reverse proxy with a pool of servers behind it.  This is already very 
possible with the existing server, but it requires a rather complex 
configuration.  Perhaps if we could figure out a way to simplify this, 
we could get most of the perchild benefits without the added complexity.

Joshua.



Mime
View raw message