Example configuration of how to combine the
security and restrictions of SuExec with the
power and speed of mod_perl.
For example, here is the delima:
There are three webmasters on this unix
We want hits to billy.com to be run as billy.
We want hits to henry.com to be run as henry.
We want hits to ralph.com to be run as ralph.
They all want to take advantage of mod_perl
features like PerlHandlers or Apache::Registry
scripts, but all point to the same IP address:
All users wish to keep their sources private
among themselves, so they remove all permissions
for group and other for their home directories.
[root@localhost /root]# chmod 0700 /home/*
[root@localhost /root]# ls -ald /home/*
drwx------ 4 billy billy 4096 Apr 02 12:00 /home/billy
drwx------ 4 henry henry 4096 Apr 02 12:00 /home/henry
drwx------ 4 ralph ralph 4096 Apr 02 12:00 /home/ralph
Each user is responsible to turn on his own server
and listen on his own designated port as follows:
billy.com => 8001
henry.com => 8002
ralph.com => 8003
Each user will have his own server and configuration
files. In Apache, this is done using the -f option.
Each configuration file will contain the Listen
directive with its corresponding port. Also, mod_perl
must be enabled to utilize the Apache::DNAT feature.
[billy@localhost billy]$ tail ~/conf/httpd.conf
# Don't use the Port directive
# Listen: Allows you to bind Apache to specific IP addresses and/or ports
[billy@localhost billy]$ httpd -f ~/conf/httpd.conf
(The same goes for the other users, too.)
No <VirtualHost> sections should be used. No special
User directive or SuExec configuration is required.