22 Jan 2003 blindcoder   » (Journeyer)

Apache2

Screw those guys from Addison-Wesley! Quote from their book "Apache Webserver 2.0":

[mpm_perchild] is especially useful for big ISPs because they can run their Virtual Hosts under the user and group of their customers

While this is not entirely false, it's not the whole picture. Imagine an ISP with some 300 customers (does that count as large? I doubt that) and a configuration with mpm_perchild like this: 

*config config*
NumServers 300 #yes that's 300. One for each client
*more config*


 NameVirtualHost xxx.xxx.xxx.xxx #just assume all on one IP


 <Virtualhost xxx.xxx.xxx.xxx>
    DocumentRoot /var/www/cust0001
    ChildPerUserId cust0001 cust0001 1 # that's User, Group and Number of Servers for this combination. This can also go into Global, and doesn't actually change the User and Group for the VHost
    AssignUserId cust0001 cust0001 # User and group for this VHost
</VirtualHost>


 <Virtualhost xxx.xxx.xxx.xxx>
    DocumentRoot /var/www/cust0002
    ChildPerUserId cust0002 cust0002 1
    AssignUserId cust0002 cust0002
</VirtualHost>


 <Virtualhost xxx.xxx.xxx.xxx>
    DocumentRoot /var/www/cust0003
    ChildPerUserId cust0003 cust0003 1
    AssignUserId cust0003 cust0003
</VirtualHost>

and so on until cust0300. A `ps -eaf | grep httpd` would then show: 

cust0001  3582  3580  0 08:48:08 ?        0:00 /avol1/intranet/apache2/bin/httpd -k start
cust0002  3583  3580  0 08:48:08 ?        0:00 /avol1/intranet/apache2/bin/httpd -k start
cust0003  3584  3580  0 08:48:08 ?        0:00 /avol1/intranet/apache2/bin/httpd -k start
...
cust0300  3882  3580  0 08:48:08 ?        0:00 /avol1/intranet/apache2/bin/httpd -k start

This is but an example for a medium-sized ISP with 300 VHosts. Now, think of BIG ISPs with several THOUSAND VHosts. Okay, they wouldn't run on one machine, but that doesn't eliminate the problem IMO.

Oh, and if you wonder about cgi-scripts. A cgi-script running in /var/www/cust0001/cgi-bin owed by cust0001 with the following content: 

#!/bin/bash


 echo -e "Content-Type: text/plain\n\n"


 echo "PWD: `pwd`"
echo "USER: `id`"
date >> hello && okay="1"
if [ "_$okay" == "_1" ] ; then
        echo "Okay"
else
        echo "MEEP MEEP"
fi

would create the following output: 

PWD: /pvol1/icntest/wt0000/cgi-bin
USER: uid=43697(infowww) gid=2000(webadmin)
MEEP MEEP

So you STILL need the suEXEC wrapper.
And now PLEASE tell me that I'm terribly, TERRIBLY wrong.

Latest blog entries     Older blog entries

New Advogato Features

FOAF updates: Trust rankings are now exported, making the data available to other users and websites. An external FOAF URI has been added, allowing users to link to an additional FOAF file.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!