Return-Path: 
 <modules-dev-return-2463-apmail-httpd-modules-dev-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-modules-dev-archive@minotaur.apache.org
Received: (qmail 55327 invoked from network); 4 May 2009 16:49:31 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3)
  by minotaur.apache.org with SMTP; 4 May 2009 16:49:31 -0000
Received: (qmail 79333 invoked by uid 500); 4 May 2009 16:49:31 -0000
Delivered-To: apmail-httpd-modules-dev-archive@httpd.apache.org
Received: (qmail 79299 invoked by uid 500); 4 May 2009 16:49:30 -0000
Mailing-List: contact modules-dev-help@httpd.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:modules-dev-help@httpd.apache.org>
List-Unsubscribe: <mailto:modules-dev-unsubscribe@httpd.apache.org>
List-Post: <mailto:modules-dev@httpd.apache.org>
List-Id: <modules-dev.httpd.apache.org>
Reply-To: modules-dev@httpd.apache.org
Delivered-To: mailing list modules-dev@httpd.apache.org
Received: (qmail 79289 invoked by uid 99); 4 May 2009 16:49:30 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 04 May 2009 16:49:30 +0000
X-ASF-Spam-Status: No, hits=1.2 required=10.0
	tests=SPF_NEUTRAL
X-Spam-Check-By: apache.org
Received-SPF: neutral (athena.apache.org: local policy)
Received: from [209.85.218.213] (HELO mail-bw0-f213.google.com)
 (209.85.218.213)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 04 May 2009 16:49:24 +0000
Received: by bwz9 with SMTP id 9so4296544bwz.24
        for <modules-dev@httpd.apache.org>;
 Mon, 04 May 2009 09:49:02 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.223.108.140 with SMTP id f12mr1548001fap.69.1241455742283;
	Mon, 04 May 2009 09:49:02 -0700 (PDT)
Date: Mon, 4 May 2009 17:49:01 +0100
Message-ID: <9c95528d0905040949j5d261435g4bbea2c54b6213ae@mail.gmail.com>
Subject: mod_vhost_alias and mod_suexec
From: Oliver Cook <ollie@olliecook.net>
To: modules-dev@httpd.apache.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Virus-Checked: Checked by ClamAV on apache.org

Hi,

I have a requirement to host tens of thousands of virtual hosts under
Apache2, whilst providing security to each through the use of
mod_suexec.

Using standard virtual hosts is not suitable in my environment due to
the memory footprint of httpd when running with thousands of virtual
hosts and the increasing restart time. However, without discrete
<VirtualHost> configuration directives per virtual host, I am
naturally not able to use SuexecUserGroup to describe the user and
group to run as.

Therefore I have been looking for a module / patch that makes
available the functionality of mod_suexec through mod_vhost_alias,
perhaps mapping from a hostname to a UID and GID from a DBM map. So
far, I have found mod_cgiwrap (http://mod-cgiwrap.sourceforge.net/)
but unfortunately, that is discontinued and in any case supported only
Apache 1.3 not 2.0, nor 2.2.

Before I start getting my hands dirty with the Apache source I wanted
to check on this list whether any of the readership is aware of either
a) modules that support the functionality I describe above, or b)
whether there are other secure solutions to achieve my goals.

With thanks,

Ollie