Re: More configurable options needed for VirtualHost (fwd)

[Cliff Skolnick <cl...@organic.com>]

} > 
} > Hi,
} >  We're using Apache as our Web server and we plan to use the VirtualHost
} > feature.
} >  But we'd like differents pseudo-server to run under different users/groups
  .
} > Unfortunately 'User' and 'Group' are not part of the options that can be
} > set in the VirtualHost section.
} >  I think it'd be worth adding this to the configuration. What do you think?
} >    Regards.

Comments here address 0.7.x and 0.8.x apache releases, since 0.6.x is
forking, it's not as much an issue.

This can't easily be done securely.  Since the same processes are serving
many different hosts, there would need to be a way to switch user ID's when
each request was received.  There are differences in UNIX varients how
one can "get back root uid" without using singles so portability would suffer
also.  The last resort of keeping the daemon as root until a request comes
in does not sit well with me either since the process would have to switch
back to root when it was completed.  Httpd is too big to run as root IMHO.

This is an argument for "BindAddress" functionality.  Perhaps we should
document that and add it into the new framework :(

Cliff