Fwd: SuexecUserGroup inside Directory context

[Marc Aymerich <gl...@gmail.com>]

>
> On 9/11/14 1:26 AM, Martynas Bendorius wrote:
>
> For someone who is going to review the patch, I am adding more
> information of why is the patch needed. Patch includes only a few minor
> changes to it, that would help shared web hosting to adopt FastCGI for
> some critical parts like global aliases. Currently it's impossible to
> switch user for aliases (and with the patch it's easy to do).
>
> That's needed for situations like:
> Alias /roundcube "/var/www/html/roundcube-1.0.2/"
>
> If application is placed under /var/www/html, it has a different user
> set when accessing the alias from user's virtualhost, so SuexecUserGroup
> needs to be specified globally like:
> <Directory /var/www/html>
> SuexecUserGroup webapps webapps
> </Directory>
> That way when accessing anydomain.com/roundcube, it would be executed
> under "webapps" user permissions. Without the patch, due to
> SuexecUserGroup suexec configuration in VirtualHost context for the
> customer (shared hosting account), it's executed under customer's
> permissions (and most often the client doesn't have enough of
> permissions to read sensitive data like MySQL passwords and so on).
>
>  From my point of view it adds more security and flexibility when using
> PHP-FastCGI under shared hosting environment.
>
>
+1 for this one,

it's a pity that this patch hasn't got the attention of suexec developer.
It's a must feature for shared hosting environments where the same
virtualhost can handle multiple applications from different users.

-- 
Marc