apache2-mpm-itk little quirks
A while back there was some interesting discussion of
apache2-mpm-itk on this list.
The big advantage is that this Multi-Processing Module lets you
easily set the user and group a particular apache virtual server
runs as. If everything isn't running as www-data, it is harder
for a compromised script on one site to wreak havoc on another site.
mpp-itk requires much less config and hassle than uexec suphp and
friends.
I've recently come across a couple quirks:
1) libapache2-mod-security2 runs as the user
you set in your virtual server configuration.
so at least if you have:
SecAuditLogType Concurrent
..then
SecAuditLogStorageDir
...needs to be world writable
2) libapache2-mod-cband segfaults
Probably for #1, SecAuditLogStorageDir can be set per virtual
host, so no big deal.
I'll file a proper bug report on #2 , but thought I'd kick this
to the group first.
Reply to: