On 01/02/2018 18:54, Yann Ylavic wrote:
I have this patch (attached) floating around that allows users to
configure a*fixed* UID for each vhost.
I am not an httpd expert. And I probably already know more than I want to.
When I read the above sentence - with the emphasis on *fixed* my first
thoughts were not on httpd internals on how a (semi-)fixed ID is used
internally. Falls in the category of "don't want to know. Instead, my
initial reaction - this might be useful for having multiple UID - aka
"UserNames" or other sort of "external", UID.
As I read the discussions I realized my first thought was off - but
still I continued thinking about - are there ways to make a vhost UID
external, e.g., add to my logs for accountability. And I found myself
"dreaming" - how about a different UID (aka Username) that would
setuid() per vhost. Could be a nice way to separate data permissions -
per vhost.
So, maybe you do not really need it for something internal - per your
own discussion.
However, as a new "Directive" and all - what are ways this could be
applied to improve/enhance security and/or accountability. Is, perhaps,
the concept of a ServerUID as a new directive something that could be
useful to a complex website - and much more than config-file fluff?
I hope this helps - and is "out of the box" thinking. If not, well I
tried. :)
Good day all!
Michael