Apparently I can't post this to -dev, because I'm not subscribed... could someone who is subscribed forward it there, because that's where it really belongs - thanks :) -------- Original Message -------- Subject: Suggestions for Apache JServ 1.1 (emulating SUexec) Date: Fri, 18 Jun 1999 22:20:01 -0400 From: Stuart Ballard <[EMAIL PROTECTED]> Organization: Wuffies International To: [EMAIL PROTECTED] I posted this suggestion on -users way back in the days of 1.0 pre-beta snapshots, but since at the time the project was focussed on bugfixing, it was put off for later. Now that 1.0 is out, I thought this would be a good time to re-submit it for consideration. I've thought it through a lot since the original suggestion, too. The desired end-result is to allow for SUID execution of servlets with JServ without too much resource wastage, but I've broken it down into a number of independent parts which each could be implemented separately. 1) Multiple automatic-mode engines. Allow the following syntax in httpd.conf: ApJServAutoEngine properties-file Multiple engines could be launched with different properties. This would completely supercede ApJServManual, which would be assumed if no engines were specified. 2) Specification of user and group in jserv.properties. This would probably be one of the easiest to implement. 3) Dynamic starting and stopping of JServ engines. This one has two parts: a) Stopping based on idleness. This could be configured in jserv.properties and would involve a criterion similar to "There are no active sessions and the engine has not been used in 20 minutes". The engine would then cleanly shut down. Of course the precise details of the criterion could be tweaked. b) Starting up on demand. This is a little bit harder, because the engines may be running from somewhere completely different than the webserver. However, it could be done if a C-based "wrapper" engine grabbed the JServ port and dealt with starting it up if it wasn't already running. The wrapper would then forward all data sent to the port to the engine once it started. (the C wrapper would be what the ApJServAutoEngine line started; maybe even only one wrapper would be started for multiple AutoEngines, and monitor all their ports, but that's an implementation detail) 4) Optional, but nice: The ability to specify certain urls or url patterns (regexps?) that would trigger the auto-start even if they didn't actually use it. This might be used so that when a user visits the (static) main home page of a site, the engine would be started up and be ready for when he proceeds from there to the dynamic servlet pages that hang off it. Most of these enhancements make sense by themselves, but to clarify how they would be used together: For each user the sysadmin granted "servlet" privileges to, he would add an ApJServEngine line pointing to a properties file that specified the user's name and group. It would also specify dynamic startup and stopping so that there weren't 500 JVMs running at once (on the assumption that most users' home pages aren't going to be very high-volume, so this would save a lot of resources). This would give a nice way to do "SUExec" with Jserv, without incurring ridiculous overhead or re-inventing the wheel by re-implementing the OS security settings in Java. What do people think? Stuart. PS I'd appreciate being cc:d on any followups that go to -dev only. Thanks :) -- -------------------------------------------------------------- To subscribe: [EMAIL PROTECTED] To unsubscribe: [EMAIL PROTECTED] READ THE FAQ!!!! <http://java.apache.org/faq/> Archives and Other: <http://java.apache.org/main/mail.html/> Problems?: [EMAIL PROTECTED]
