httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <n...@webthing.com>
Subject Introducing mod_privileges for Apache HTTPD
Date Fri, 14 Nov 2008 10:22:17 GMT
I've just introduced mod_privileges to Apache HTTPD trunk.

This is a platform-specific module for Solaris 10 and OpenSolaris,
that makes the webserver privileges(5)-aware.  This enables the
server to be run with enhanced security, and with different
settings per virtual host.

The feature likely to be of most interest is that it enables
different virtual hosts to run under different Unix user and
group IDs, using the VHostUser and VHostGroup directives.
This is the capability once promised by the "perchild" MPM.

It has one major drawback: it is not suitable for a threaded MPM.
However, it is ideally suited for use with PHP, which of course
also precludes threads.  It should also be of interest to anyone
hosting other in-process scripting environments such as mod_perl,
mod_python or mod_ruby, or application modules.

http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/arch/unix/mod_privileges.c
http://svn.apache.org/viewvc/httpd/httpd/trunk/docs/manual/mod/mod_privileges.xml

-- 
Nick Kew

Mime
View raw message