perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stas Bekman <s...@stason.org>
Subject Re: set the UIDs and GIDs in Mod_Perl 2
Date Fri, 22 Jul 2005 14:17:10 GMT
Shane De Jager wrote:
> Hi
> 
> In O'Reilly Practical mod_perl Appendix C Under C.1. Users Sharing a Single Web Server
it states:
> 
> mod_perl 2.0 improves the situation, since it allows a pool of Perl
> interpreters to be dedicated to a single virtual host. It is possible to
> set the UIDs and GIDs of these interpreters to be those of the user for
> which the virtual host is configured, so users can operate within their
> own protected spaces and are unable to interfere with other users.
>
> Or is this not the case anymore?

It never was the case, Shane. Unfortunately this is a mistake. You can 
have pools of interpreters, but since they reside in the process, they 
have the perms of the process. It'll be possible with certain MPMs as 
explained below:

> This may change in the future if perchild or metux MPM will be released. 
> This will allow to have groups of processes/threads running under a given 
> uid/gid, which may or may not suit your needs (e.g. it probably won't 
> scale well if you have hundreds of users you want to 'suexec' to).

Give a try to the metux mpm, they say it's in beta. Though we haven't 
tried it under mod_perl. Most likely some tweaks might be needed.

-- 
__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

Mime
View raw message