Re: user privileges with php (like with suexec)
Probably not. If you're not using the CGI version of PHP, then you
have to use the module version, and thus PHP will be joined at the
hip with the Apache daemons and you're stuck w/ the user/group that
Apache is running under.
As you mentioned, the CGI version of PHP does not have this problem,
but it has its own performance issues (forking new processes, etc.).
You might look into the php.ini file that comes with PHP. The PHP
authors have added a lot of security options that you might find
useful. Among these are options like disabling any number of PHP
built-in functions, memory limits on running scripts, processor time
limits on running scripts, etc.
Unfortunately, the user/group issue with the module version of PHP is
not easily solveable.
I am wondering what is the best way to get simular results to suexec
I've heard of people running seperate instances of apache for each
client. Is that likely to be a messy solution? how much overhead would
each instance be?
The other solution is to use the CGI version of php and use suexec. I
still don't think this is as nice as just using the the php module.
Have I missed any solutions?
Although I'm reluctant to hack any code that would be running as root,
would it be possible to hack php to pass pages to child proceses owned
by the same user as the php file and if none exist create one?
To UNSUBSCRIBE, email to firstname.lastname@example.org
with a subject of "unsubscribe". Trouble? Contact email@example.com