Restarting apache takes roughly 1 second. Your argument about hundreds of
accounts being added each time implies that you intend to have A LOT of users
who may end up using PHP on a single machine. Based on this 'guestimate'
within 1 month you intend to have 3000+ users on a single machine. Now, I am
simply curios as to what hardware do you have that supports this wonder?
Additionally apache HUP does not affect users as current requests are sent 1st
and then apache is restarted, the entire process is transparent to the user,
for whom a 1 second delay is hardly noticeable. Download & generation of most
pages will take >1 second anyway.
As for Rasmus' idea of adding various options and possibly regular expression.
open_basedir works right now with a minimum amount of overhead in most
situations. Which still makes the file operations a fair bit slower, but
certainly acceptable loss given the security benefits. However, adding more
options, that would make open_basedir resolving quite a bit slower will
quickly tip the scales in favor of performance. With complex file system
operation checks, you certainly will not be able to host anywhere near 3000
users.
Ilia
On March 19, 2004 03:43 pm, Rasmus Lerdorf wrote:
> On Fri, 19 Mar 2004 [EMAIL PROTECTED] wrote:
> > The reason why I would want to play with settings in php.ini or/and
> > httpd.conf often is because everytime I modify those config files I MUST
> > restart apache in order for changes to take place, meaning I will have
> > DOWNTIME. Now imagine hundreds of new accounts added per day to your
> > hosting machine, that means the webserver will end up getting restarted
> > hundreds of times... Hundreds of seconds per day add up to minutes of
> > downtime... and as we all know downtime is something everyone tries to
> > avoid at all costs.
>
> That's a good point. But this implementation still doesn't seem very
> slick to me. What about something like:
>
> open_basedir = /var/www/{user}/public_html
>
> Where {user} would map to the owner of the script being executed. Other
> things that might be supported as well: {group}, {regex:a.*$}, {host}
> and probably other things as well. I haven't thought through this very
> much yet, but that seems like a more flexible approach to this problem.
>
> -Rasmus
--
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php
