> > On 9/11/14 1:26 AM, Martynas Bendorius wrote: > > For someone who is going to review the patch, I am adding more > information of why is the patch needed. Patch includes only a few minor > changes to it, that would help shared web hosting to adopt FastCGI for > some critical parts like global aliases. Currently it's impossible to > switch user for aliases (and with the patch it's easy to do). > > That's needed for situations like: > Alias /roundcube "/var/www/html/roundcube-1.0.2/" > > If application is placed under /var/www/html, it has a different user > set when accessing the alias from user's virtualhost, so SuexecUserGroup > needs to be specified globally like: > <Directory /var/www/html> > SuexecUserGroup webapps webapps > </Directory> > That way when accessing anydomain.com/roundcube, it would be executed > under "webapps" user permissions. Without the patch, due to > SuexecUserGroup suexec configuration in VirtualHost context for the > customer (shared hosting account), it's executed under customer's > permissions (and most often the client doesn't have enough of > permissions to read sensitive data like MySQL passwords and so on). > > From my point of view it adds more security and flexibility when using > PHP-FastCGI under shared hosting environment. > > +1 for this one,
it's a pity that this patch hasn't got the attention of suexec developer. It's a must feature for shared hosting environments where the same virtualhost can handle multiple applications from different users. -- Marc
