httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Graham Dumpleton <graham.dumple...@gmail.com>
Subject Re: apache module's privileges
Date Tue, 15 Dec 2009 20:33:04 GMT
2009/12/16 Dan Poirier <poirier@pobox.com>:
> Jordi Prats <jordi.prats@gmail.com> writes:
>
>> If you start apache with root as usual, you realize that every module
>> is able to run code with root privileges:
> ...
>> Why is coded this way? Shouldn't run with lower privileges?
>
> No.  That's not the purpose of apache modules.

There is a lot more to it than that.

Parts of the code of an Apache module that are run in Apache parent
process will run as that user, normally root, but handling of actual
requests in an Apache worker process are done as less privileged user.

Suggest OP read:

  http://www.fmc-modeling.org/category/projects/apache/amp/Apache_Modeling_Project.html

 to understand the whole life cycle of Apache configuration and
initialisation, and of separate per request life cycle.

Graham

Mime
View raw message