Pedro Venda wrote: > On Tuesday 28 February 2006 16:14, Ryan James R. wrote: >> I am trying to accomplish a mass virtual hosting server where each >> website is run from it's own user account. Now I've accomplished >> putting the websites into user's ~/public_html directories but Apache >> is still running as it's own user so php file managers/admin backends >> that are run from these sites. >> >> I took a look at mod_userdir but I'm not sure if that's what I was wanting. >> >> From what I see, I think I need something that will allow apache to >> spawn with userid of site it is serving. Please correct me if I'm >> wrong and give as many suggestions as possible. > > there is more than one way to acomplish this, but none of them is perfect. > generally you loose performance and may gain bonus security holes if you're > not careful. > > * mod_suphp is the easiest and probably the best way to handle this. it > allows > selective php.ini configurations per vhost if you want and other nice > restrictions. the online documentation is NOT up to date. > > * mod_suexec is a more generic approach. However, when me and my team of > sysadmins needed it, we found out that it didn't work exactly as we expected. > we wanted it to serve .php files with the php cgi interpreter... if I > remember correctly, mod_suexec needed the executable bit set on scripts and > a .cgi extension, which would seriously break our installation. Miguel Filipe > - a friend of mine - wrote a one-liner patch to make it work as we needed on > a solaris apache2 installation we were administrating at the time (around > 8000 users).. (http://mega.ist.utl.pt/~miguel/code/) Yes, the patch is here http://mega.ist.utl.pt/~miguel/code/suexec+php.diff
but just looking through the several errors in the comments and the general hackish attitude in the code, I wouldn't recomend using it on production servers without further auditing. Is this patch submitted to the apache team? It looks simple enough, but as it is in a vital security area (suexec) it may bring big surprises later. Kalin. -- |[ ~~~~~~~~~~~~~~~~~~~~~~ ]| +-> http://ThinRope.net/ <-+ |[ ______________________ ]| -- [email protected] mailing list
