Hi,
currently, the External Rewriting Program (RewriteMap "prg:") is run as
root. I would like to change it but I see three ways how to do it:
1. Execute it right after drop_privileges hook. This looks like best
way, but I haven't found any hook which could be used for that (except
drop_privileges with APR_HOOK_REALLY_LAST, which does not seem as proper
place to me).
2. Execute it in child_init. This is done after drop_privileges, so the
user/group is good. The "problem" here is that it would execute one
rewrite program per child. Right now I'm not sure if it's really
problem. It could be useful to have more instances of rewriting program
to make its bottleneck lower.
3. Execute it where it is now (post_config), but set user/group using
apr_procattr_t. So far I think this would duplicate the code of
mod_unixd and would probably have to also handle the windows equivalent
of that module (if there's any).
What way do you think is the best, or would you do it differently?
I'm attaching patch for number 2.
Regards,
Jan Kaluza
Index: modules/mappers/mod_rewrite.c
===================================================================
--- modules/mappers/mod_rewrite.c (revision 1663642)
+++ modules/mappers/mod_rewrite.c (working copy)
@@ -4449,17 +4449,6 @@
apr_pool_cleanup_register(p, (void *)s, rewritelock_remove,
apr_pool_cleanup_null);
- /* if we are not doing the initial config, step through the servers and
- * open the RewriteMap prg:xxx programs,
- */
- if (ap_state_query(AP_SQ_MAIN_STATE) == AP_SQ_MS_CREATE_CONFIG) {
- for (; s; s = s->next) {
- if (run_rewritemap_programs(s, p) != APR_SUCCESS) {
- return HTTP_INTERNAL_SERVER_ERROR;
- }
- }
- }
-
rewrite_ssl_lookup = APR_RETRIEVE_OPTIONAL_FN(ssl_var_lookup);
rewrite_is_https = APR_RETRIEVE_OPTIONAL_FN(ssl_is_https);
@@ -4485,6 +4474,11 @@
ap_log_error(APLOG_MARK, APLOG_CRIT, rv, s, APLOGNO(00667)
"mod_rewrite: could not init map cache in child");
}
+
+ /* step through the servers and open the RewriteMap prg:xxx programs */
+ for (; s; s = s->next) {
+ run_rewritemap_programs(s, p);
+ }
}