I thought that Apache 2 was going to implement the ability to specify
uids to fork child processes as based on user directories at one
point. Today I started reading up on Apache 2 and searching this group
and the only thing I can find is SuExec still. Also virtualhosts don't
support the user directive.
What I am trying to do is set up a safe-mode, apache-php-mysql server
for virtual hosted clients that does not run under a global uid
(nobody for example). But instead will notice the owner of the
directory and fork children based on that ownership (as long as I can
tell it to not do so for root or other priv uids/gids).
This way I can have user and group restrictions set up in PHP.ini to
check for the permissions and it would keep any customer from
uploading some * php code that could be used to attack other local
php sites (since currently the apache daemon runs everything under id
nobody, one hole could potentially deface all sites if they
inadvertently allow group nobody write permissions in their web area).
Needless to say, this server isn't in use yet (just testing) until I
can find a way to do something like this.
Any ideas? Or links to point me in the right direction?
Thanks
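
The exposure described in the post (every site served under the shared account nobody, so any web area that is writable by that account can be altered through another customer's script) can be checked for on a test server. The following is an added example, not part of the original post; `audit_webroot` is a hypothetical helper name and the defaults assume the daemon runs as user and group nobody.

```shell
#!/bin/sh
# Added example: audit a virtual-hosting tree for paths the shared web-server
# account can modify. "nobody" is the account named in the post; audit_webroot
# is a hypothetical helper name.

# Usage: audit_webroot ROOT [DAEMON_USER] [DAEMON_GROUP]
# Prints "<reason> <path>" for every file or directory that is
#   world-writable  - any local account, including the daemon, can write
#   group-writable  - group is the daemon's group and the group write bit is set
#   owner-writable  - owned by the daemon account itself, with owner write set
# Each path is reported once, with the first reason above that applies.
audit_webroot() {
    root=$1
    user=${2:-nobody}
    group=${3:-nobody}
    find "$root" \( -type f -o -type d \) \( \
        -perm -002 -exec printf '%s %s\n' world-writable {} \; -o \
        -group "$group" -perm -020 -exec printf '%s %s\n' group-writable {} \; -o \
        -user "$user" -perm -200 -exec printf '%s %s\n' owner-writable {} \; \
    \)
}

# Run the audit when the script is called with arguments, e.g. a web root path.
if [ "$#" -gt 0 ]; then
    audit_webroot "$@"
fi
```

An empty result means nothing under the tree is writable by the shared account; files in the tree are still readable by every site's scripts as long as they all run under one uid.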