[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: user privileges with php (like with suexec)

On 12 Jun 2001, at 1:21, Jeremy Lunn wrote:

> I am wondering what is the best way to get simular results
> to suexec with php?
> I've heard of people running seperate instances of apache
> for each client.  Is that likely to be a messy solution?
> how much overhead would each instance be?

You will need a separate IP adresse for each apache instance.
Not a solution, usually.

> The other solution is to use the CGI version of php and use
> suexec.  I still don't think this is as nice as just using
> the the php module.
> Have I missed any solutions?
> Although I'm reluctant to hack any code that would be
> running as root, would it be possible to hack php to pass
> pages to child proceses owned by the same user as the php
> file and if none exist create one?

I'll agree with that, the cgi version does not integrate
as smoothly as the module version. But since the module
version runs under the same uid as the apache process itself
(well, it actually can be considered part of the process)
it won't have the necessary rights to su.

Unfortunatelly you cannot set user/group in your apache
config within a virtual host. The user/group directives
once again will only affect cgi programs when set for vhosts.

Probably this is more an apache than a PHP issue?

Cheers, Marcel

 .´  `.
 : :' !  Enjoy
 `. `´  Debian/GNU Linux

Reply to: