[kwlug-disc] Apache vhosts as different users

L.D. Paniak ldpaniak at fourpisolutions.com
Mon May 18 23:38:52 EDT 2020


Or one can forgo the details of threads and run each virtual host as a
separate container (LXC, Docker...)

On 5/18/20 11:29 PM, Khalid Baheyeldin wrote:
> It seems whichever way you do it, you have to settle for something
> that executes PHP
> in a process for that particular Linux user ID, and doing that, forgo
> all threaded efficiencies ...
>
> For example, for libapache2-mpm-itk
>
> This is how it is described in the repo:
>
> The mpm-itk module, although not technically a Multi-Processing Module
> (MPM)
> (although it used to be) *enhances the classical "prefork" module*
> (that is,
> *without threads*), in such a way that it allows you to constrain each
> individual
> vhost to a particular system user and group. This allows you to run
> several different
> web sites on a single server without worrying that they will be able
> to read each
> others' files. mpm-itk is largely independent of e.g. what scripting
> technology is in
> use on your server; in particular, it does not require you to run your
> scripts as CGI
> to get the extra security benefit.
> Homepage: http://mpm-itk.sesse.net/
>
> There is also mod_privileges
> https://httpd.apache.org/docs/2.4/mod/mod_privileges.html
> But it requires mod_php, so back to the same model
>
> Depending on the site specifics, either would be workable. For
> example, if the code
> base is relatively small (does not eat a lot of RAM), and has low
> traffic.
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> https://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20200518/f71ce620/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://kwlug.org/pipermail/kwlug-disc_kwlug.org/attachments/20200518/f71ce620/attachment.sig>


More information about the kwlug-disc mailing list