Hi, > > SuPHP is then readily configured and knows the user ids it has to > switch to.
> However, I believe the mechanism that both suphp and suexec use to > switch > groups is a setuid root executable that is called with the arguments > for the > username to use. > > But you are trying to make this depend on the request itself. > As suphp and suexec do. This is why you can't do the user switching > with > mod_php, apache has already dropped privileges. Of course that's correct. What I was trying to say but obviously failed to convey are my doubts that it is possible to accomplish the task of switching to the right user using an environment variable set by mod_rewrite. A patch to suPHP might of course be able to do just that. > > So to serve the request you first would have to know the contents of > that > > request. Obviously that can't work right away. > This much is true. You'd have to hack away at suphp in order to change > what > it's doing. Be careful though, if you make a mistake then it's an easy > exploit waiting to happen. Yes, that's what I wanted to say. :) _______________________________________________ suPHP mailing list [email protected] http://lists.marsching.biz/mailman/listinfo/suphp
