httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Kalu┼ża <jkal...@redhat.com>
Subject Run external RewriteMap program as non-root
Date Thu, 05 Mar 2015 06:55:49 GMT
Hi,

currently, the External Rewriting Program (RewriteMap "prg:") is run as 
root. I would like to change it but I see three ways how to do it:

1. Execute it right after drop_privileges hook. This looks like best 
way, but I haven't found any hook which could be used for that (except 
drop_privileges with APR_HOOK_REALLY_LAST, which does not seem as proper 
place to me).

2. Execute it in child_init. This is done after drop_privileges, so the 
user/group is good. The "problem" here is that it would execute one 
rewrite program per child. Right now I'm not sure if it's really 
problem. It could be useful to have more instances of rewriting program 
to make its bottleneck lower.

3. Execute it where it is now (post_config), but set user/group using 
apr_procattr_t. So far I think this would duplicate the code of 
mod_unixd and would probably have to also handle the windows equivalent 
of that module (if there's any).

What way do you think is the best, or would you do it differently?

I'm attaching patch for number 2.

Regards,
Jan Kaluza

Mime
View raw message