Mattias Segerdahl wrote:
Running php as cgi would still involve unique uid's, and I've got about 30k+
virtual users.
Without running under separate UIDs you aren't going to get true
separation. With separate UIDs, you can run using SUExec and FastCGI as
I'm doing (with a much smaller number of user accounts) and use OS
permissions to keep accounts separate.
I don't know what bottlenecks you might run into (for instance if you
put 30000 users in the password file), but if I was in your position I
would write some management scripts to populate the users table and
config files etc, and try to get separate accounts working. Using
php.ini to block access is not secure AFAIK. Unless you completely lock
it down to the point of non-usefulness, it is simple to defeat. Also, if
you allow the use of any CGI scripts, then you need separate users and
SUExec to be able to secure users' files from one another.
If I have said anything that is misleading or innacurate I trust and
hope that someone will correct me.
- Sam
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]