On 27-Jun-07, at 6:07 PM, Joshua Slive wrote:

> Good point. I moved some of this discussion into its own section,
> since it applies equally to the main example.

Yes, that's much better.

> I also removed your comments about needing separate LockFile/etc
> locations, since it's not true in recent versions. (These files are
> created with the pid of the parent process appended to ensure they are
> unique.)

I actually tested that config file, and one of the stupid mistakes
I made was not putting a PidFile directive into each config. As
far as I can see, the ScoreBoardFile also needs a unique name;
only the lock file has the pid appended. Also, I had to manually
set UseCanonicalName Off, even though the manual says that's the
2.2 default. (This is a 2.2.4 installation from the FreeBSD port,
although I didn't set up a jailed test.)

In any event, if you're not starting the user servers as root,
which seems like the most secure setup, then it's quite possible
that they will not have write access to the /var subdirectories.
If they were started in a (chroot) jail then none of that would
be an issue.

The other issues I ran into were fairly minor: I had to map the
various modules and the mime.types file into places where the
user servers could see them.

I personally think this is quite a practical solution for
mass virtual hosting, but it would take a bit more work to
document and test.

It might well be useful to have a sort of "kiosk" version of
apache httpd, in which particular settings (for example, the
listening interfaces and some of the mpm tuning directives)
were locked down in some fashion. (Not everyone is going to
want to use FreeBSD jails.) The goal would be to allow the
user to directly write their own httpd configuration, thus
avoiding the need to use .htaccess files.
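
The per-instance pitfalls reported in this message (a missing PidFile, a shared ScoreBoardFile, state files under /var, UseCanonicalName not set explicitly) can be checked before starting the user servers. The following is an added example, not part of the original message or of the httpd project; the user names, paths and the `lint` helper are constructed for illustration.

```python
import re

# Directives the message reports each per-user instance had to set itself.
REQUIRED = ("PidFile", "ScoreBoardFile")
NAMES = {d.lower(): d for d in REQUIRED + ("UseCanonicalName",)}
# Match active directives only; lines starting with '#' do not match.
DIRECTIVE = re.compile(r"^[ \t]*(PidFile|ScoreBoardFile|UseCanonicalName)[ \t]+(\S+)",
                       re.I | re.M)

def parse(conf_text):
    """Return {directive: value} for the directives of interest (last one wins)."""
    return {NAMES[n.lower()]: v.strip('"') for n, v in DIRECTIVE.findall(conf_text)}

def lint(configs):
    """configs maps a user name to that user's httpd config text."""
    findings, seen = [], {}
    for user, text in sorted(configs.items()):
        found = parse(text)
        for d in REQUIRED:
            path = found.get(d)
            if path is None:
                findings.append(f"{user}: {d} not set")
                continue
            if (d, path) in seen:
                findings.append(f"{user}: {d} {path} also used by {seen[(d, path)]}")
            else:
                seen[(d, path)] = user
            # Heuristic: a server not started as root may lack write access here.
            if path.startswith("/var/"):
                findings.append(f"{user}: {d} {path} is under /var")
        if found.get("UseCanonicalName", "").lower() != "off":
            findings.append(f"{user}: UseCanonicalName not explicitly Off")
    return findings

# Constructed sample configs (not taken from the thread).
SAMPLE = {
    "alice": "PidFile /home/alice/run/httpd.pid\n"
             "ScoreBoardFile /home/alice/run/scoreboard\nUseCanonicalName Off\n",
    "bob":   "# PidFile /home/bob/run/httpd.pid\n"
             "ScoreBoardFile /home/alice/run/scoreboard\n",
    "carol": "PidFile /var/run/httpd.pid\n"
             "ScoreBoardFile /home/carol/run/scoreboard\nUseCanonicalName off\n",
}

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```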
