Hi,

I have written a file sync module that will pull files from web server 1 to web server 2. The module on web server 2 writes the file (whether an image file or a code file) into the right place in the docroot. It's kind of experimental.

There are clearly security problems with this. The module runs as the user/group of the httpd process, so all files become writeable by httpd in the docroot.

My question is, are there any suggestions as to something like switch uid on a module basis? This module is only enabled for a specific <Location>, and access is restricted by IP. It's intended to sync files between a farm of privately connected web servers (a front end tier).

At the moment I am thinking of a second Apache instance running on a different port (say 81), and running as a different uid/gid. This second instance only serves requests for this module/Location. But it seems a bit ugly.


cheers,
Doug
