httpd-dev mailing list archives

From Rich Bowen <rbo...@rcbowen.com>
Subject Re: Inclusion of mpm-itk into HEAD
Date Wed, 27 Jun 2007 13:59:27 GMT

On Jun 25, 2007, at 00:36, Graham Dumpleton wrote:

> A few comments below, but a few questions first to satisfy my own  
> curiosity.
>
> What specific applications are you running that require things to be
> run as a distinct user? Are these applications implemented directly in
> C as custom Apache modules, or are you writing stuff in other
> languages, i.e., such as PHP, Perl, running under mod_php or mod_perl?
> What are the perceived reasons that solutions such as mod_fastcgi,
> mod_scgi or the various mod_proxy type solutions wouldn't be a viable
> alternative for hosting your application?

It's a request that comes up every single day in the various support  
forums: I am in a hosted environment, I have a virtual host, and a  
bunch of random strangers have full read permissions to my sensitive  
files, is there any way around this? So one of the main problems is  
not applications at all, but is static files. Folks want their static  
files to be owned by themselves, and not readable to random other  
users on the same system, but also serve-able by Apache. There are  
various user and group permissions that can make this
sort-of-but-not-quite happen, because whatever you do, someone can
write a cgi program that can read your files.

So, in that situation, mod_fastcgi, mod_scgi, or whatever, are  
completely ineffectual. Having a solution where FILES are read by  
some other UID would solve this long-standing complaint.

Speaking only as help-desk personnel, and not as a code developer - I  
have no insight into how this would be implemented, I only answer the  
question, every day of every week for the last half-dozen years.

--
"There are two kinds of light--the glow that illuminates, and the  
glare that obscures."
James Thurber