On Wed, Nov 27, 2002, James Ponder <[EMAIL PROTECTED]> wrote: > On Tue, Nov 26, 2002 at 07:44:34PM -0500, Johannes Erdfelt wrote: > > This can include shared (sometimes requiring connections to be passed) > > and non shared (always answered by the child) sockets. > > > > I don't particularly see the non shared case as a concern. The shared > > case can be a problem. > > > > If either are a problem, I suspect that perchild is not the MPM you want > > to use. > > Perhaps perchild can be improved further to have a set of listener > processes/threads, under the generic apache user id or another secured id, > which accepts connections but does not process them. These threads then > pass the connections on to the correct user-owned child id via the named > sockets, allowing these child users to have no listening sockets at all > (except the unix domain socket).
It would need to be a process. Mixing uid's among threads is not portable. Switching to a model like is possible, but I'm willing to be that passing fd's is not cheap and would just create overhead. Do you want to do this for security reasons? JE
