Shane De Jager wrote:
Hi
In O'Reilly Practical mod_perl Appendix C Under C.1. Users Sharing a Single Web
Server it states:
mod_perl 2.0 improves the situation, since it allows a pool of Perl
interpreters to be dedicated to a single virtual host. It is possible to
set the UIDs and GIDs of these interpreters to be those of the user for
which the virtual host is configured, so users can operate within their
own protected spaces and are unable to interfere with other users.
Or is this not the case anymore?
It never was the case, Shane. Unfortunately this is a mistake. You can
have pools of interpreters, but since they reside in the process, they
have the perms of the process. It'll be possible with certain MPMs as
explained below:
This may change in the future if perchild or metux MPM will be released.
This will allow to have groups of processes/threads running under a given
uid/gid, which may or may not suit your needs (e.g. it probably won't
scale well if you have hundreds of users you want to 'suexec' to).
Give a try to the metux mpm, they say it's in beta. Though we haven't
tried it under mod_perl. Most likely some tweaks might be needed.
--
__________________________________________________________________
Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide ---> http://perl.apache.org
mailto:[EMAIL PROTECTED] http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org http://ticketmaster.com
