httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ben Gill" <Ben.G...@t-mobile.co.uk>
Subject RE: [users@httpd] Running scripts as different users
Date Tue, 28 Sep 2004 13:22:37 GMT
Ok thanks,

But how does suexec work? (I cannot find the info on the Suexec info
page)

Does it literally do an 'su' every time a request is serviced?

Ben

-----Original Message-----
From: Joshua Slive [mailto:jslive@gmail.com] 
Sent: 28 September 2004 14:05
To: users@httpd.apache.org
Subject: Re: [users@httpd] Running scripts as different users


[Please post in plain text.]

> I would like appA to run as userA and appB to run as user appB.
  
> I would like the applications to both be accesible via port 80.
  
> Is Suexec my only solution here?

You have two options:

1. suexec/cgiwrap/etc (suid execution of cgi scripts)

2. Run the two apps on different apache instances on different ports and
use ProxyPass from apache on port 80 to reach the other apps.

And no, this was never possible with apache 1.3.  User/Group inside the
<VirtualHost> only affected suexec, not the user for regular requests.
This is a basic limit of the unix permissions model. You can't switch
users inside the same process and then get back to root again without
creating security problems.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message