On May 15, 2004, at 12:25 PM, Adam Tilghman wrote:

I'm writing a module which plays with seteuid/setegid,
and should therefore only be run under the prefork MPM.

At a low level, your reliance is on a single-threaded process handling requests?

That's correct - I'm switching UID/GID on every request based on the provided authenticated username. It seems to me a multi-threaded server wouldn't be able to handle this situation very well.


You know, I'd recommend using apache in reverse proxy mode.
You can then implement a module that rewrites the ProxyPass destination according to authenticated user name. This is done by modifying the host/port component of the location stored in r->filename.
If you hook your handler APR_HOOK_FIRST, but after mod_proxy, you can accomplish this. Then, the target destination would be another instance of apache running entirely in that user.


Of course, this would assume you have enough memory to handle multiple instances, and that you know the list of users ahead of time.

On the plus side, it prevents any potential weirdness with launching per-request server instances, and will be much more efficient in that it allows you to use threads.

--mark

ap_mpm_query() can check for such MPM characteristics

Thanks! I'll check out that function.

--
Adam Tilghman | Systems Support / Academic Computing | +1 858 822 0711
[EMAIL PROTECTED] | University of California, San Diego | fax +1 858 534 7018
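
The per-user proxy rewrite suggested in this thread, as an added stand-alone C sketch that is not code from any poster or from Apache. It assumes r->filename has the mod_proxy form `proxy:<scheme>://<host[:port]>/<path>`; the function name, the user table and the loopback ports are hypothetical, and a real module would take the name from r->user and allocate from the request pool.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample table: one backend httpd instance per known user,
 * each running entirely as that user (hypothetical loopback ports). */
struct user_backend { const char *user; const char *hostport; };
static const struct user_backend BACKENDS[] = {
    { "alice", "127.0.0.1:8101" },
    { "bob",   "127.0.0.1:8102" },
};

/* Rewrite the host[:port] part of a mod_proxy-style filename to the
 * backend that belongs to `user`.
 * Returns 0 on success, -1 if the request must be refused (fail closed). */
int rewrite_proxy_target(const char *filename, const char *user,
                         char *out, size_t outlen)
{
    const char *hostport = NULL, *sep, *path;
    size_t i;
    int n;

    if (filename == NULL || user == NULL || out == NULL)
        return -1;                      /* unauthenticated: no default backend */
    if (strncmp(filename, "proxy:", 6) != 0)
        return -1;                      /* not a proxied request */
    for (i = 0; i < sizeof BACKENDS / sizeof BACKENDS[0]; i++)
        if (strcmp(BACKENDS[i].user, user) == 0)    /* exact match only */
            hostport = BACKENDS[i].hostport;
    if (hostport == NULL)
        return -1;                      /* user not in the known list */
    sep = strstr(filename + 6, "://");
    if (sep == NULL)
        return -1;                      /* malformed target */
    path = strchr(sep + 3, '/');        /* end of the original host[:port] */
    if (path == NULL)
        path = "/";
    /* Keep "proxy:<scheme>://", swap in the per-user backend, keep the path. */
    n = snprintf(out, outlen, "%.*s%s%s",
                 (int)(sep + 3 - filename), filename, hostport, path);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0; /* refuse truncation */
}
```

An unknown or missing user returns -1 rather than falling through to a shared backend, so the isolation between per-user instances does not depend on a default route.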
