suexec on old perl cgi processes was useful:
A cgi process (run by the apache process)
could create files that belonged to me.
Php usually runs as an '.so' library, owned by
the apache process, which is more efficient.
But it means all files (even in my filesystem
space) created by php/apache end up owned
by apache. This is an enormous pain the butt,
particularly when complicated by 'safe_mode'
restrictions.
Why can't the php kernel be hacked to fork
a full-fledged, separate process, that
uses setuid owner for certain key file system
chores: perhaps only for certain newly created functions,
like "mkUserOwnedDir () or openUserOwnedFi le()"
A cgi process (run by the apache process)
could create files that belonged to me.
Php usually runs as an '.so' library, owned by
the apache process, which is more efficient.
But it means all files (even in my filesystem
space) created by php/apache end up owned
by apache. This is an enormous pain the butt,
particularly when complicated by 'safe_mode'
restrictions.
Why can't the php kernel be hacked to fork
a full-fledged, separate process, that
uses setuid owner for certain key file system
chores: perhaps only for certain newly created functions,
like "mkUserOwnedDir () or openUserOwnedFi le()"