httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rici Lake <>
Subject Re: Inclusion of mpm-itk into HEAD
Date Thu, 28 Jun 2007 01:16:46 GMT

On 27-Jun-07, at 6:07 PM, Joshua Slive wrote:

> Good point. I moved some of this discussion into its own section,
> since it applies equally to the main example.

Yes, that's much better.
> I also removed your comments about needing separate LockFile/etc
> locations, since its not true in recent versions. (These files are
> created with the pid of the parent process appended to ensure they are
> unique.)

I actually tested that config file, and one of the stupid mistakes
I made was not putting a PidFile directive into each config. As
far as I can see, the ScoreBoardFile also needs a unique name;
only the lock file has the pid appended. Also, I had to manually
set UseCanonicalName Off, even though the manual says that's the
2.2 default. (This is a 2.2.4 installation from the FreeBSD port,
although I didn't set up a jailed test.)

In any event, if you're not starting the user servers as root,
which seems like the most secure setup, then it's quite possible
that they will not have write access to the /var subdirectories.
If they were started in a (chroot) jail then none of that would
be an issue.

The other issues I ran into were fairly minor: I had to map the
various modules and the mime.types file into places where the
user servers could see them.

I personally think this is quite a practical solution for
mass virtual hosting, but it would take a bit more work to
document and test.

It might well be useful to have a sort of "kiosk" version of
apache httpd, in which particular settings (for example, the
listening interfaces and some of the mpm tuning directives)
were locked down in some fashion. (Not everyone is going to
want to use FreeBSD jails.) The goal would be to allow the
user to directly write their own httpd configuration, thus
avoiding the need to use .htaccess files.

View raw message