RE: vhost file protection (was: Inclusion of mpm-itk into HEAD)

[Allen Pulsifer <pu...@comcast.net>]

> Folks want their static  
> files to be owned by themselves, and not readable to random other  
> users on the same system, but also serve-able by Apache. There are  
> various user and group permission that can make this sort-of-but-not- 
> quite happen, because whatever you do, someone can write a cgi  
> program that can read your files.

Here's a set up I'm considering implementing to solve this same problem:

Every vhost is assigned a unique uid and gid.  Let's call them uid=vhost and
gid=vhost.

Apache runs as uid=apache gid=apache.

The vhost's files and directories are set with uid=vhost and gid=apache,
permissions user read and group read.

Apache is able to read and serve the file by virtue of its gid.

When a cgi is launched, mod_suid is used to change the cgi process to
uid=vhost and gid=vhost.  The cgi process is able to read the vhost's files
by virtual of its uid.  However, it is not able to read any other vhost's
files.

Can you see any reason this would not work?