[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

apache2-mpm-itk little quirks

A while back there was some interesting discussion of apache2-mpm-itk on this list.

The big advantage is that this Multi-Processing Module lets you easily set the user and group a particular apache virtual server runs as. If everything isn't running as www-data, it is harder for a compromised script on one site to wreak havoc on another site.

mpp-itk requires much less config and hassle than uexec suphp and friends.

I've recently come across a couple quirks:

  1) libapache2-mod-security2 runs as the user
     you set in your virtual server configuration.
     so at least if you have:

	SecAuditLogType Concurrent

...needs to be world writable

	2) libapache2-mod-cband segfaults

Probably for #1, SecAuditLogStorageDir can be set per virtual host, so no big deal.

I'll file a proper bug report on #2 , but thought I'd kick this to the group first.

Reply to: