Re: alternatives to suexec in etch apache2
bottom posting.
Craig Sanders wrote:
On Sat, Feb 16, 2008 at 01:13:35PM -0500, Dan MacNeil wrote:
Under sarge, woody & potato we ran modified version of suexec that
skipped the check for group writable cgi files.
i've never liked suexec. it's way to rigid and unconfigurable. and,
unfortunately, the way it expects vhosts to be set up (esp. directory
layout) is completely unlike the way i set mine up.
i used cgiwrap for a long while, it's far more flexible.
[snip]
then i discovered apache2-mpm-itk (last year, i think). it's what i use
now.]
it works just like apache2-mpm-prefork except that each virtual
host runs under it's own UID.
works well with normal cgi, php, and libapache2-mod-speedycgi. probably
works with mod_perl too but i don't use that, i don't like using
mod_perl for vhosts. speedy-cgi-perl aka persistent-perl gives me
most of the benefits of mod_perl without the security risk of giving
unfettered access to the apache server (in fact, the mod_perl stuff that
speedy-cgi doesn't give me are precisely the things i don't want vhosts
doing - RW access to apache internals - so there's no loss). and it
works well with HTML::Mason.
apache2-mpm-itk looks good.
It would allow us to eliminate libapache2-mod-suphp and php4-cgi
The "highly experimental" bit seems like the author is more
cautious than most people..
From the home page
http://mpm-itk.sesse.net/
...It has been running in production for a few years for some
large sites.
Does apache2-mpm-itk require a seperate process for each vhost ?
This was not clear to me from the docs and perhaps others would
be curious.
Reply to: