On Sun, 15 Apr 2001, Thomas K. Burkholder wrote:
> Thanks again for the help - I have another one-
>
> My application consists of perl modules with file permissions set only
> to a particular user 'burkhold'. The database password is kept in
> plaintext in one of those modules. I use the User: and Group:
> directives in access.conf to cause the uid of the spawned httpd process
> to have permission to execute the code. It works fine, except that it
> seems I can't embed 'User: burkhold' inside a <Location> directive, so
> all requests have to be served as 'burkhold'. It seems like there
> should be some simple way in apache to specify what user the httpd
> should be set to when it's spawned, but except for the global User: I
> haven't found a way.
>
An httpd process is spawned to handle _all_ locations, that is why the
Group/User can only be specified per server. If apache was able to spawn
separate processes to only handle one location, your suggestion would
work.
The only solution i would offer would be to proxy all requests to
that location to another apache server, running on a different port,
as user bukhold. The main server could then run with whatever user is
appropriate, and have a ProxyPass directive to forward requests requiring
user burkhold.
sterling
> If I can't make this work, I may have to turf module handlers and go
> with a Registry and setuid solution, which I think would be a shame
> since I think handlers are a lot more elegant.
>
> This is probably well-trodden territory - anyone got a solution?
>
> Thanks again, several of you have been helpful to me, and I do
> appreciate it.
>
> Happy Easter.
>
> //Thomas
> Thomas K. Burkholder
> [EMAIL PROTECTED]
>
