2009/12/16 Dan Poirier <poir...@pobox.com>: > Jordi Prats <jordi.pr...@gmail.com> writes: > >> If you start apache with root as usual, you realize that every module >> is able to run code with root privileges: > ... >> Why is coded this way? Shouldn't run with lower privileges? > > No. That's not the purpose of apache modules.
There is a lot more to it than that. Parts of the code of an Apache module that are run in Apache parent process will run as that user, normally root, but handling of actual requests in an Apache worker process are done as less privileged user. Suggest OP read: http://www.fmc-modeling.org/category/projects/apache/amp/Apache_Modeling_Project.html to understand the whole life cycle of Apache configuration and initialisation, and of separate per request life cycle. Graham
