<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Or one can forgo the details of threads and run each virtual host
as a separate container (LXC, Docker...)<br>
</p>
<div class="moz-cite-prefix">On 5/18/20 11:29 PM, Khalid Baheyeldin
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CA+TuoW2aa+-ixY_G+fLXBfp1eN7T3gpT6bbf+BgQvXbysVryYA@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div>It seems whichever way you do it, you have to settle for
something that executes PHP <br>
</div>
<div>in a process for that particular Linux user ID, and doing
that, forgo all threaded efficiencies ...</div>
<div><br>
</div>
<div>For example, for libapache2-mpm-itk</div>
<div><br>
</div>
<div>This is how it is described in the repo:</div>
<div><br>
</div>
<div>The mpm-itk module, although not technically a
Multi-Processing Module (MPM) <br>
</div>
<div>(although it used to be) <b>enhances the classical
"prefork" module</b> (that is, <br>
</div>
<div><b>without threads</b>), in such a way that it allows you
to constrain each individual <br>
</div>
<div>vhost to a particular system user and group. This allows
you to run several different <br>
</div>
<div>web sites on a single server without worrying that they
will be able to read each <br>
</div>
<div>others' files. mpm-itk is largely independent of e.g. what
scripting technology is in <br>
</div>
<div>use on your server; in particular, it does not require you
to run your scripts as CGI <br>
</div>
<div>to get the extra security benefit.<br>
</div>
<div>Homepage: <a href="http://mpm-itk.sesse.net/"
moz-do-not-send="true">http://mpm-itk.sesse.net/</a></div>
<div><br>
</div>
<div>
<div>There is also mod_privileges<br>
</div>
<div><a
href="https://httpd.apache.org/docs/2.4/mod/mod_privileges.html"
moz-do-not-send="true">https://httpd.apache.org/docs/2.4/mod/mod_privileges.html</a></div>
<div>But it requires mod_php, so back to the same model<br>
</div>
<div><br>
</div>
<div>Depending on the site specifics, either would be
workable. For example, if the code</div>
<div>base is relatively small (does not eat a lot of RAM), and
has low traffic. <br>
</div>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
kwlug-disc mailing list
<a class="moz-txt-link-abbreviated" href="mailto:kwlug-disc@kwlug.org">kwlug-disc@kwlug.org</a>
<a class="moz-txt-link-freetext" href="https://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org">https://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org</a>
</pre>
</blockquote>
</body>
</html>