From owner-freebsd-isp Wed Aug 7 9:38:27 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3DE4037B400 for ; Wed, 7 Aug 2002 09:38:25 -0700 (PDT) Received: from transport.cksoft.de (transport.cksoft.de [62.111.66.27]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9180243E5E for ; Wed, 7 Aug 2002 09:38:24 -0700 (PDT) (envelope-from ck@cksoft.de) Received: from localhost (localhost [127.0.0.1]) by transport.cksoft.de (Postfix) with ESMTP id 97B981FFD11; Wed, 7 Aug 2002 18:35:49 +0200 (CEST) Received: by transport.cksoft.de (Postfix, from userid 66) id EF2D21FFD13; Wed, 7 Aug 2002 18:35:48 +0200 (CEST) Received: by hirvi.cksoft.de (Postfix, from userid 1000) id 77AAC1B65A; Wed, 7 Aug 2002 18:35:01 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by hirvi.cksoft.de (Postfix) with ESMTP id 2335B18E88; Wed, 7 Aug 2002 18:35:01 +0200 (CEST) Date: Wed, 7 Aug 2002 18:35:01 +0200 (CEST) From: Christian Kratzer To: Gabriel Ambuehl Cc: Subject: Re: Porting Apache 2 MPM perchild to FreeBSD. Raising funds? In-Reply-To: <4515979484.20020807145607@buz.ch> Message-ID: X-Spammer-Kill-Ratio: 75% MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by AMaViS snapshot-20020300 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, On Wed, 7 Aug 2002, Gabriel Ambuehl wrote: > Hello, > I'm kinda annoyed that MPM perchild, the by far coolest feature of > Apache 2, doesn't work on FreeBSD. Basically, perchild would allow it > to have Virtualhosts running under different UIDs than the mainserver > which, how I understand the docs, would mean that we'd finally be able > to run PHP and other DSOs under the UID of the user the Vhost belongs > to meaning the safe_mode/open_basedir hacks in PHP would be obsolote. > I think most of the ISPs who use vhosts on this list would have a big > interest in getting this feature to work ASAP because it results in > *greatly* increased security for shared webhosting environments. [snipped] even with the Apache MPM functionality setting the userid for a virtualhost with AssignUserID and ChildPerUserID configuration options http://httpd.apache.org/docs-2.0/mod/perchild.html#assignuserid http://httpd.apache.org/docs-2.0/mod/perchild.html#childperuserid would preallocate a certain amount of worker threads for a certain userid. This would not be of any use for masshosting environments with hundreds of vhosts per server. With hundreds of vhosts per server all served by common server processes you can share the perhaps 10-20 servers for all vhosts. With MPM you would have to preallocate the servers. Not good. Of course for a a handfull of customers who all want to run the php module instead of the cgi this would be doable. For these kind of numbers of customers a jail setup is already an option today. Anyway I would think that the threading support in upcoming FreeBSD 5.0 should take care of the mpm stuff. just my 0.02$ Greetings Christian -- CK Software GmbH Christian Kratzer, Schwarzwaldstr. 31, 71131 Jettingen Email: ck@cksoft.de Phone: +49 7452 889-135 Open Software Solutions, Network Security Fax: +49 7452 889-136 FreeBSD spoken here! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message