On 8/29/06, Gary W. Smith <[EMAIL PROTECTED]> wrote:
Joshua,
Let me pass this pseudo logic by you.
* Create a dedicated user (say suapache:suapache/no shell/no homedir).
* Add that user to the sudo privileges file (with access the dedicated
list of apps they can execute with nopass set and only localhost as
access).
* Create another instance of Apache running on a different port running
with the new user (suapache) on 127.0.0.1.
From reading the sudoers sample page this seems to fit what I want to
do. Does this logic seem appropriate?
My next question about the Apache instance. I can either do one of two
things, create a completely separate instance of apache from source or
use the existing runtime with a separate configuration file. I am
familiar with the first (as we have run two separate instances before)
but I don't have any experience running two instances with distinct
configuration files.
Which would you suggest?
Sounds fine to me. I'd probably go with a separate install, just so
that you can strip the second apache down to the absolute minimum
modules. (You could do the same with one install if you use
dynamically-loaded modules, but it is a little less clean.)
Joshua.
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [EMAIL PROTECTED]
" from the digest: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
