On Jun 25, 2007, at 00:36, Graham Dumpleton wrote:

A few comments below, but a few questions first to satisfy my own curiosity.

What specific applications are you running that require things to be
run as a distinct user? Are these applications implemented directly in
C as custom Apache modules, or are you writing stuff in other
languages, i.e., such as PHP, Perl, running under mod_php or mod_perl?
What are the perceived reasons that solutions such as mod_fastcgi,
mod_scgi or the various mod_proxy type solutions wouldn't be a viable
alternative for hosting your application?

It's a request that comes up every single day in the various support forums: I am in a hosted environment, I have a virtual host, and a bunch of random strangers have full read permissions to my sensitive files, is there any way around this? So one of the main problems is not applications at all, but is static files. Folks want their static files to be owned by themselves, and not readable to random other users on the same system, but also serve-able by Apache. There are various user and group permissions that can make this sort-of-but-not-quite happen, because whatever you do, someone can write a cgi program that can read your files.

So, in that situation, mod_fastcgi, mod_scgi, or whatever, are completely ineffectual. Having a solution where FILES are read by some other UID would solve this long-standing complaint.

Speaking only as help-desk personnel, and not as a code developer - I have no insight into how this would be implemented, I only answer the question, every day of every week for the last half-dozen years.

--
"There are two kinds of light--the glow that illuminates, and the glare that obscures."
James Thurber

