Different users per Apache virtual server
A typical problem when using PHP is security. Here in the Czech Republic, at least
half of sites are cracked using PHP bugs. PHP's safe-mode mitigates it a bit, but it
can't be treated as a correct solution.
Apache 2 has an MPM module which allows setting the User per
VirtualHost. Unfortunately, Apache 2 is in beta phase now. Here I present
a quick hack for 1.3.20 (and others) which allows you to do the same. The only
disadvantage is speed. I use seteuid in the forked child to switch to the httpd
user, but the real UID is still root. Later, when a request comes in, I determine
the value of the User/Group directives attached to it, regain root and use setuid
to become the given user permanently. It also means that the child can't be used
anymore for other connections, which could require another user. I solve
it by forcing the child to die when the connection is closed. There is a possibility
to reuse children with the same UID, but it requires larger changes to the
Apache source and I have too many other projects.
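
The privilege sequence described above, as an added C example that is not the patch itself or any Apache code. The function names (park_as, become_permanently, serve_one_as) are hypothetical, the supplementary-group drop and the post-switch check are additions of this example rather than steps the page describes, and the demo main uses the caller's own IDs so it runs without root.

```c
#define _DEFAULT_SOURCE 1   /* exposes seteuid/setegid/setgroups on glibc */
#include <grp.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Idle state: change effective IDs only, so the real UID (root in the
 * scheme above) can still be used to switch again at request time. */
int park_as(uid_t uid, gid_t gid) {
    if (setegid(gid) != 0) return -1;   /* group first, while still privileged */
    return seteuid(uid);
}

/* Request time: regain the original UID, then set real, effective and saved
 * IDs to the vhost user. Returns 0 only if the switch cannot be undone. */
int become_permanently(uid_t uid, gid_t gid) {
    if (seteuid(getuid()) != 0) return -1;            /* regain privilege */
    if (geteuid() == 0 && uid != 0 &&
        setgroups(1, &gid) != 0) return -1;           /* drop root's extra groups */
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) return -1;
    if (uid != 0 && (seteuid(0) == 0 || setuid(0) == 0)) return -1; /* must fail */
    return 0;
}

/* One child per connection: park, switch, handle, then exit so the process
 * is never reused for a different user. Returns the child's exit code. */
int serve_one_as(uid_t idle_uid, gid_t idle_gid, uid_t vuid, gid_t vgid) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (park_as(idle_uid, idle_gid) != 0) _exit(2);
        if (become_permanently(vuid, vgid) != 0) _exit(3);
        /* request handling would run here as vuid:vgid */
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    /* Constructed demo: the caller's own IDs, so it runs unprivileged.
     * Started as root, pass the httpd IDs and the vhost IDs instead. */
    return serve_one_as(getuid(), getgid(), getuid(), getgid());
}
```

Exit code 3 from the child means the permanent switch failed or could be reversed, in which case the request must not be served.
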
Here is a patch against 1.3.20. I'd appreciate
comments on it and test results. It works well here. Use the User directive in
a VirtualHost and you are done.
devik@cdi.cz