httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <>
Subject Re: [users@httpd] Apache Security
Date Sat, 09 Apr 2005 02:01:51 GMT
On Apr 8, 2005 6:55 PM, dan <> wrote:
> Hello, all -
> Doing some research into tightening security down on Apache for
> untrusted users, I've come up with a few questions.
> Apache's suEXEC functions look pretty neat.  But it sounds as if this
> only protects executables (hence the name, suEXEC), and not the actual
> child processes that Apache starts.  This is fine, but not exactly what
> I'm looking for.
> Ultimately, I'd like to have each VirtualHost run as a seperate user,
> and then from there I can restrict access based on user privileges,
> rather than doing this through Apache.
> There's also the jail, but for this situation, wouldn't quite work for a
> number of reasons.
> If there's anything remotely close to what I'm thinking about, can
> someone please bounce back a message to the list and tell me a bit about
> it?  If I'm wrong about how suEXEC works, can you please correct me on
> that, as well?  Would you mind giving some details as to how you would
> secure Apache for hosting for untrusted users?

This is actually a very hard problem because of the basic nature of
unix security.  See, for example, the discussion of this topic here:

The closest you will come is
1. The "metux mpm", which I've never used.  I'm not sure how well it works.
2. Setting up a bunch of different apache installs on different ports
with different users and put a reverse proxy in front of them.


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message