Loading ...
Sorry, an error occurred while loading the content.

set the UIDs and GIDs in Mod_Perl 2

Expand Messages
  • Shane De Jager
    Hi I am in the process of moving to mod perl from CGI. Under modCGI i could set UIDs and GID with suExec. Is this possible with mod_perl2? If so, how is it
    Message 1 of 4 , Jul 22, 2005
    • 0 Attachment
      Hi

      I am in the process of moving to mod perl from CGI. Under modCGI i could set UIDs and GID with suExec. Is this possible with mod_perl2? If so, how is it done?

      --
      Shane De Jager
      Technical Developer

      INTERGAGE
      High-performance, updateable Web sites

      Switchboard +44(0)845 456 1022
      Direct Dial +44(0)1202 688 219
      ==
      www.intergage.co.uk
      sdejager@...

      Are you aware of our referral scheme? Learn how you could profit personally from passing us leads.

      Click here to pass a referral: www.intergage.co.uk/referrals
    • Stas Bekman
      ... Not at the moment, Shane. http://perl.apache.org/docs/1.0/guide/install.html#Is_it_possible_to_run_mod_perl_enabled_Apache_as_suExec_ This may change in
      Message 2 of 4 , Jul 22, 2005
      • 0 Attachment
        Shane De Jager wrote:
        > Hi
        >
        > I am in the process of moving to mod perl from CGI. Under modCGI i could set UIDs and GID with suExec. Is this possible with mod_perl2? If so, how is it done?

        Not at the moment, Shane.
        http://perl.apache.org/docs/1.0/guide/install.html#Is_it_possible_to_run_mod_perl_enabled_Apache_as_suExec_

        This may change in the future if perchild or metux MPM will be released.
        This will allow to have groups of processes/threads running under a given
        uid/gid, which may or may not suit your needs (e.g. it probably won't
        scale well if you have hundreds of users you want to 'suexec' to).


        --
        __________________________________________________________________
        Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
        http://stason.org/ mod_perl Guide ---> http://perl.apache.org
        mailto:stas@... http://use.perl.org http://apacheweek.com
        http://modperlbook.org http://apache.org http://ticketmaster.com
      • Shane De Jager
        Hi In O Reilly Practical mod_perl Appendix C Under C.1. Users Sharing a Single Web Server it states: mod_perl 2.0 improves the situation, since it allows a
        Message 3 of 4 , Jul 22, 2005
        • 0 Attachment
          Hi

          In O'Reilly Practical mod_perl Appendix C Under C.1. Users Sharing a Single Web Server it states:

          mod_perl 2.0 improves the situation, since it allows a pool of Perl interpreters to be dedicated to a single virtual host. It is possible to set the UIDs and GIDs of these interpreters to be those of the user for which the virtual host is configured, so users can operate within their own protected spaces and are unable to interfere with other users.

          Or is this not the case anymore?


          Shane De Jager wrote:
          > Hi
          >
          > I am in the process of moving to mod perl from CGI. Under modCGI i could set UIDs and GID with suExec. Is this possible with mod_perl2? If so, how is it done?
          Not at the moment, Shane.

          http://perl.apache.org/docs/1.0/guide/install.html#Is_it_possible_to_run_mod_perl_enabled_Apache_as_suExec_

          This may change in the future if perchild or metux MPM will be released.
          This will allow to have groups of processes/threads running under a given
          uid/gid, which may or may not suit your needs (e.g. it probably won't
          scale well if you have hundreds of users you want to 'suexec' to).



          --
          Shane De Jager
          Technical Developer

          INTERGAGE
          High-performance, updateable Web sites

          Switchboard +44(0)845 456 1022
          Direct Dial +44(0)1202 688 219
          ==
          www.intergage.co.uk
          sdejager@...

          Are you aware of our referral scheme? Learn how you could profit personally from passing us leads.

          Click here to pass a referral: www.intergage.co.uk/referrals
        • Stas Bekman
          ... It never was the case, Shane. Unfortunately this is a mistake. You can have pools of interpreters, but since they reside in the process, they have the
          Message 4 of 4 , Jul 22, 2005
          • 0 Attachment
            Shane De Jager wrote:
            > Hi
            >
            > In O'Reilly Practical mod_perl Appendix C Under C.1. Users Sharing a Single Web Server it states:
            >
            > mod_perl 2.0 improves the situation, since it allows a pool of Perl
            > interpreters to be dedicated to a single virtual host. It is possible to
            > set the UIDs and GIDs of these interpreters to be those of the user for
            > which the virtual host is configured, so users can operate within their
            > own protected spaces and are unable to interfere with other users.
            >
            > Or is this not the case anymore?

            It never was the case, Shane. Unfortunately this is a mistake. You can
            have pools of interpreters, but since they reside in the process, they
            have the perms of the process. It'll be possible with certain MPMs as
            explained below:

            > This may change in the future if perchild or metux MPM will be released.
            > This will allow to have groups of processes/threads running under a given
            > uid/gid, which may or may not suit your needs (e.g. it probably won't
            > scale well if you have hundreds of users you want to 'suexec' to).

            Give a try to the metux mpm, they say it's in beta. Though we haven't
            tried it under mod_perl. Most likely some tweaks might be needed.

            --
            __________________________________________________________________
            Stas Bekman JAm_pH ------> Just Another mod_perl Hacker
            http://stason.org/ mod_perl Guide ---> http://perl.apache.org
            mailto:stas@... http://use.perl.org http://apacheweek.com
            http://modperlbook.org http://apache.org http://ticketmaster.com
          Your message has been successfully submitted and would be delivered to recipients shortly.