
Re: Default Apache install not fit for multiple domains/users



> I want to enable some friends of mine to host their web pages on my
> woody server. It has Apache LAMP running in great shape and it suits my
> Web page just fine. The Problem that I have now is, that the apache user
> is www-data. Well, I guessed I could just change the user permissions on
> the /var/www/<path.to.site> directories to the respective user names,
> but that doesn't do the trick, because then, all write permissions for
> cgi scripts for these directories are gone, as they no longer belong to
> www-data.

maybe you can try what i've used , which basically is :

#1 - mod_diffprivs
http://sourceforge.net/projects/moddiffprivs/
this apache module enables apache to switch uid/gid when serving virtual
hosts . each virtual host is effectively served as the owner .

take for example this vhost snippet :

<VirtualHost *>
        DocumentRoot -(removed)-
        ServerName gum.doubleukay.com

        Privs hata hata
        PrivsGroups On
</VirtualHost>

when a request is sent for gum.doubleukay.com , its php/cgi scripts will
create/read files and execute commands as user hata and group hata .

#2 - ERUP (enhanced regular user privileges)
http://www.wijata.com/erup
and this one lets me grant the apache user (www-data) privilege to perform
uid/gid switching , so that i don't have to run apache as root .

there's a few performance-related issues with the above setup though . HTTP
keepalives and pipelining have to be disabled because once an apache child
switches uid , it can't switch back to www-data and serve subsequent requests .
the clients would notice a definite 'lag' in page loading as a new
connection would have to be opened to the http server for each element . the
server would also undergo load problems as new children would have to be
forked for each http request . however , there is a way to reduce this
problem :)

regards,
wK (www.doubleukay.com)
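
An added example, not part of the original message and not code from the mod_diffprivs project: a small audit of an Apache configuration for the setup described above. It reports virtual hosts that have no Privs line or that name a shared account, and a global KeepAlive that is not Off. The "Privs <user> <group>" argument order is taken from the snippet in the post; the sample configuration and the list of shared accounts are assumptions.

```python
import re

# Constructed sample configuration; hostnames and users are made up.
SAMPLE_CONF = """\
KeepAlive On
<VirtualHost *>
    ServerName site-a.example
    Privs alice alice
</VirtualHost>
<VirtualHost *>
    ServerName site-b.example
</VirtualHost>
<VirtualHost *>
    ServerName site-c.example
    Privs root root
</VirtualHost>
"""

SHARED = {"root", "www-data"}  # assumption: no per-site vhost should run as these


def audit(conf):
    """Return sorted (scope, finding) tuples for the given config text."""
    findings = []
    vhost = None      # directives of the <VirtualHost> block being read
    keepalive = "on"  # Apache's default when the directive is absent
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if re.match(r"<VirtualHost\b", line, re.I):
            vhost = {}
        elif re.match(r"</VirtualHost>", line, re.I) and vhost is not None:
            name = vhost.get("servername", ["(unnamed)"])[0]
            privs = vhost.get("privs")
            if not privs:
                findings.append((name, "no Privs line, runs as the shared Apache user"))
            elif privs[0] in SHARED:
                findings.append((name, "Privs user is " + privs[0]))
            vhost = None
        else:
            key, *args = line.split()
            if vhost is not None:
                vhost[key.lower()] = args
            elif key.lower() == "keepalive" and args:
                keepalive = args[0].lower()
    if keepalive != "off":
        findings.append(("(global)", "KeepAlive is not Off"))
    return sorted(findings)
```

Calling audit(SAMPLE_CONF) flags the global KeepAlive setting, site-b.example (no Privs line) and site-c.example (Privs root).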



