A major asset for many Apache users is the ability to sandbox multiple
users on a shared host.  Apache offers limited capabilities in this
area, such as "suexec" for CGI scripts.

A more ambitious effort, the "Perchild" MPM, was designed to run
different virtual hosts under different system users.  It worked
up to a point on Linux, but never reached operational quality,
and has long since been abandoned.  There are also some third-party
efforts in this space.

Generic Unix chroot support for an Apache server is available,
but is no use for separating users.

I am interested in exploring possibilities for sandboxing users,
and for raising the security of a shared server.  This could
be a real killer app amongst hosting companies.  I'm looking
at the security features in Solaris, particularly zones,
with a view to trying to harness them to offer improved
capabilities in this space.

Cross-platform capabilities (e.g. implementing a similar thing
with FreeBSD jails) might happen in due course, but will not
be a priority.  In addition, if I am able to implement my
most ambitious idea - an MPM that runs each virtual host
in its own zone - that might also generalise to an MPM that
will run Apache distributed over multiple hosts in a cluster.

-- 
Nick Kew

