> If that is in fact what this directive does, in what way would that be > useful? This is not in the context of a virtual host, but I'm just > saying that a particular child process will run with certain privileges? > Why would I want to do that? Can someone give an example where this is > desirable?
This feature - I'm meaning it in the same way - allows you a to close a security hole of the previous version. Scenario: You are a web hoster, running hundreds of domains, each configured as virutal host. For security, you are running suexec with each virtual host having its own userid and group. For the apache being able to read statical files (e.g. simple html-files), it must be run with an userid, being member of all these groups. On unix/linux systems the userid can only be a member of up to 8/16/32 groups, depending on the system. If you need more, you have to patch the kernel and rebuild the system (or you have to patch suexec). Instead most of the providers do run the apache with suexec, having each virtual host its own userid. But all userids are a member of the same group. So a cgi-script can access every file of ervery virtual host. Kess E-Mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
