httpd-dev mailing list archives

From Matthew Fisch
Subject suexec & mod_vhost_alias .... again
Date Sat, 29 Jul 2006 02:42:39 GMT
  I'm looking into converting a mass virtualhost cluster from Zeus to Apache and I can't find
a secure way to do this. I'm considering only mod_vhost_alias because I currently have 20,000
domains hosted on a few dozen servers connected to an NFS NAS. A hardcoded configuration is
not practical in this configuration. I need to be able to suexec CGIs on a per-customer basis
(by virtual domain). In addition to keeping my customers safe from each other, the users also
need to write files under their own UID, and I need to be able to account for system resource
usage on a per-user basis.

  I know this has been discussed before, but I can't really find anyone stating "this is the
reason why the feature doesn't exist". I've heard the argument that a flexible and secure way
to map uid/gids using mod_vhost_alias has not been proposed. .. ala ...
  VirtualDocRoot directories in my setup are currently chowned to their respective customer
UIDs. Would not a flag to tell suexec to determine the UID of VirtualDocRoot be a safe mapping
method? It sticks to the mod_vhost_alias paradigm of basing the VirtualHost configuration
solely on the filesystem.
  Is the lack of support for this in Apache practical (difficult to implement) or lack of
a developer resource?
Thanks in advance,
Matthew Fisch
