User/Group in Virtual Hosts?

[Michael Smith <mj...@cursci.co.uk>]

I guess I'm going to get unpopular if I come up with ideas without
implementation but ...

Is there any reason why User/Group directives can not be used in virtual
hosts?  The reason I would like to be able to do this is so that people
for whom I am running virtual hosts will be able to kill their own
spawned processes.  At the moment I have to do this every time :(

What do the apache-meisters say?

Mike

Re: User/Group in Virtual Hosts?

[ra...@madhaus.utcs.utoronto.ca]

> I guess I'm going to get unpopular if I come up with ideas without
> implementation but ...
> 
> Is there any reason why User/Group directives can not be used in virtual
> hosts?  The reason I would like to be able to do this is so that people
> for whom I am running virtual hosts will be able to kill their own
> spawned processes.  At the moment I have to do this every time :(

The User/Group directives specify which user/group the httpd spawned
processes should be launched as.  Each spawned process can field requests
for multiple virtual domains.  Therefore to support what you are
suggesting, these processes must be able to switch user id's on the fly.
In order to do this they would have to run as root *and* be able to
switch back from whatever non-priviledged user/group they switched to.
The first is simply a bad idea, the second is not possible on all operating
systems.

You would be better off solving your problem with either mod_sucgi or
cgiwrap.

I suppose one way around this would be to launch separate httpd processes
for each virtual domain.  This wouldn't work very well for a high number of
domains though.  Or, one could check the current user id of the daemon
and if it is not the correct one for the current virtual domain, terminate 
the process and start a new one that does have the correct id.  This would
require a mechanism for "handing off" a request from one server to another.

-Rasmus