* Jan Kaluža wrote: > Hi, > > currently, the External Rewriting Program (RewriteMap "prg:") is run as > root. I would like to change it but I see three ways how to do it: > > 1. Execute it right after drop_privileges hook. This looks like best > way, but I haven't found any hook which could be used for that (except > drop_privileges with APR_HOOK_REALLY_LAST, which does not seem as proper > place to me). > > 2. Execute it in child_init. This is done after drop_privileges, so the > user/group is good. The "problem" here is that it would execute one > rewrite program per child. Right now I'm not sure if it's really > problem. It could be useful to have more instances of rewriting program > to make its bottleneck lower. > > 3. Execute it where it is now (post_config), but set user/group using > apr_procattr_t. So far I think this would duplicate the code of > mod_unixd and would probably have to also handle the windows equivalent > of that module (if there's any).
May be 4) Invoke suexec somehow and 5) Let it drop the privileges by itself. I actually tend to 5 :-) nd -- Winnetous Erbe: <http://pub.perlig.de/books.html#apache2>
