File: README

package info (click to toggle)
apache2-mpm-itk 2.2.3-01-2%2Betch4
  • links: PTS
  • area: main
  • in suites: etch
  • size: 176 kB
  • ctags: 1
  • sloc: sh: 52; makefile: 45
file content (109 lines) | stat: -rw-r--r-- 5,202 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
 
This is a copy of the documentation available at
http://home.samfundet.no/~sesse/mpm-itk/, dumped with the Lynx
web browser and edited briefly.

                             The Apache 2 ITK MPM

Introduction

   apache2-mpm-itk (just mpm-itk for short) is an MPM (Multi-Processing
   Module) for the [1]Apache 2 web server (which you've probably heard of
   :-) ). mpm-itk allows you to run each of your vhost under a separate
   uid and gid -- in short, the scripts and configuration files for one
   vhost no longer have to be readable for all the other vhosts.

   There are already MPMs available that do this, namely the perchild and
   [2]Metux MPMs (the latter being based on the former, which is included
   in the standard Apache 2 tree). However, both have their sets of
   problems; for instance, both are threaded, which can be a problem for
   many extension modules. Second, AFAIK both have issues with listening
   on multiple ports (ie. SSL etc), and I don't know how well they really
   perform in practice. (If you only run CGI scripts, suexec will also
   probably solve most of your problems.)

   mpm-itk is based on the traditional prefork MPM, which means it's
   non-threaded; in short, this means you can run non-thread-aware code
   (like many [3]PHP extensions) without problems. (On the other hand,
   you lose out to any performance benefit you'd get with threads, of
   course; you'd have to decide for yourself if that's worth it or not.)

Quirks and warnings

   Warning: since mpm-itk has to be able to setuid(), it runs as root
   until the request is parsed and the vhost determined. This means that
   any security hole before the request is parsed will be a root security
   hole. (The most likely place is probably in mod_ssl...) Without
   implementing socket passing (which is the primary reason why
   perchild/metux doesn't really work well; it's complex enough in the
   difficult cases that nobody has bothered finished their socket passing
   implementation) or using some sort of special SELinux functionality,
   this is not going to change in the near future. UPDATE: Lennart
   Poettering kindly pointed out that at least under Linux, a process can
   drop most root privileges (like chown(), kill(), loading kernel
   modules etc. -- see capabilities(7) for a full list). The second patch
   above drops all such privileges except CAP_SETUID and CAP_SETGID,
   making the parent process still run as uid=0 (and being able to read
   files owned by uid=0 or gid=0), but at least be somewhat more limited.

   There is also another minor quirk in mpm-itk, since it doesn't support
   forwarding between httpd instances; if you connect to httpd, make a
   request and then make a request on the same connection for a different
   vhost (this is supported as per the RFCs, as far as I know), mpm-itk
   simply shuts down the connection. (This is perfectly legal according
   to RFC2616; the web server simply simulates a timeout, and the client
   is supposed to just open a new connection and retry the request.) In
   practice this should very rarely become a problem, unless you include,
   say, graphics from one vhost on the pages of one with a different uid.

   Note that mpm-itk is experimental software; we're running it in
   production (serving a bit over a million hits a month) at
   [4]Studentersamfundet i Trondhjem (the ITK name comes from
   [5]IT-Komiteen, the IT committee at the student society in Trondheim),
   and we've done a fair amount of stress testing, but it's nowhere as
   tested as, say, prefork.

Compilation

   If you can't apply a patch, you probably should not be using this. :-)
   I'd be happy if people started including this in distributions etc.,
   though -- drop me a note if you intend to do so (see below) :-)

Configuration variables

   The two new configuration settings compared to the prefork MPM are,
   per-vhost:

   AssignUserID: Takes two parameters, uid and gid (or really, user name
   and group name); specifies what uid and gid the vhost will run as
   (after parsing the request etc., of course).

   MaxClientsVHost: A separate MaxClients for the vhost. This can be
   useful if, say, half of your vhosts depend on some NFS server (like on
   our setup); if the NFS server goes down, you do not want the children
   waiting forever on NFS to take the non-NFS-dependent hosts down. This
   can thus act as a safety measure, giving "server too busy" on the
   NFS-dependent vhosts while keeping the other ones happily running. (Of
   course, you could use it to simply keep one site from eating way too
   much resources, but there are probably better ways of doing that.)

   Note that if you do not assign a user ID, there won't be set one --
   ie., you'll run as root. Don't forget it.

Licensing

   mpm-itk is licensed under the Apache License, version 2.0, like the
   rest of Apache.

Contact

   mpm-itk is at the moment developed by Steinar H. Gunderson; e-mail
   address is at my [6]home page.

References

   1. http://www.apache.org/
   2. http://www.metux.de/mpm/
   3. http://www.php.net/
   4. http://www.samfundet.no/
   5. http://itk.samfundet.no/
   6. http://www.sesse.net/