On 27-Jun-07, at 1:01 PM, Joshua Slive wrote:
On 6/27/07, Nick Kew <[EMAIL PROTECTED]> wrote:
This is a problem that could be solved by documentation.
Maybe not quite as simple, but when the alternative is accepting
new connections whilst running as root.
Here's a start:
http://wiki.apache.org/httpd/Recipes/Privilege_Separation
I just added a section to:
http://wiki.apache.org/httpd/Recipes/
Different_UserIDs_Using_Reverse_Proxy
which could also use a bit of polishing. It uses mod_rewrite to do the
proxying, rather than virtual hosts, which makes it possible to avoid
having to change the proxy server's configuration when adding or
deleting user servers.
If the user servers are listening on high ports, then they can be
started as the user/group rather than as root, and the owner could
have quite a bit of flexibility in configuring their server. It's
quite possible that less reliance on .htaccess files would actually
compensate for the additional cost of running multiple server
instances.
