httpd-users mailing list archives

From "Jesse B. Crawford" <jean...@nmt.edu>
Subject Re: [users@httpd] best practice: suexec with PHP5 in a many-user/non-technical-user environment
Date Thu, 27 Oct 2011 20:31:54 GMT
On 10/26/2011 07:58 PM, Yehuda Katz wrote:
> On Wed, Oct 26, 2011 at 9:49 PM, Alexandr Normuradov
> <normalex@gmail.com> wrote:
>
>     Use MPM ITK.
>     Solves security, memory and speed problems.
>     Tested in production, very good alternative for environments when
>     users are not very savvy and do not require custom php.ini
>
>
> I use ITK with great results, but it needs to be configured for every
> virtual host individually.
> I believe the original poster is looking for a solution that will work
> with ~userdirs.
>
> I should add that I do not know of any universities that allow
> students to run arbitrary code on the primary servers.
> At the University of Maryland, you cannot run ANY code on the users
> server <http://terpconnect.umd.edu> (they used to allow SSI, but that
> is gone now too) and many departments require an internal audit of
> your application before they will let it run on their servers.

Perhaps we are strange in this regard: we attempt to support all CGI
applications. That we don't have much trouble with this is probably
purely a consequence of being a small school such that our staff can
still watch all systems very carefully.

MPM-ITK does look problematic because of the per-vhost configuration. At
this point I am thinking suPHP is the best solution. Does anyone have
any experience with this extension? The documentation makes it sound
like suPHP and suExec at the same time will work just fine, and it looks
like it can be fairly easily configured for a userdir environment.

Thanks for the input!

-- 
Jesse B. Crawford (jeanluc)
Systems Programmer
Tech Computer Center
New Mexico Inst. of Mining & Tech.

jeanluc@nmt.edu // http://nmt.edu/~jeanluc


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

