Paul Querna wrote: > I have had an idea for replacing the perchild MPM boggling around inside > my head for awhile now. This is an idea for a different architecture to > allowing different UIDs to serve httpd requests. I am looking for all > feedback with my proposed approach.
Are you familiar with FastCGI? My first impression is that most of what you envision is possible today with FastCGI, or would be possible with some (small) additional effort. FastCGI comes with a process manager that can be configured to start server processes on demand. Server processes can work as different uids (through suEXEC). I've used FastCGI to give individual users their own PHP engines (since PHP now comes with FastCGI protocol support built-in). I think the only part missing right now is the ability to compile Apache to function as a FastCGI client, and accept requests over FastCGI instead of HTTP. That can be a full version of Apache, or a slimmed-down version (e.g. with no input/output filters). -- ModSecurity (http://www.modsecurity.org) [ Open source IDS for Web applications ]
