Peruser MPM for Apache 2
Peruser is an Apache 2 module based on metuxmpm, a working implementation of the perchild MPM. The fundamental concept behind all of them is to run each apache child process as its own user and group, each handling its own set of virtual hosts. Peruser and recent metuxmpm releases can also chroot() apache processes. The result is a sane and secure web server environment for your users, without kludges like PHP's safe_mode. Metuxmpm creates one child process per unique user and group, which then spawns threads to handle requests. This requires you to use multithreaded versions of PHP, as well as Perl and Python if you want to use mod_perl and mod_python. Between the three of them, and all the third-party modules and libraries they link to, there can be a lot of non-threadsafe code involved. That can cause nasty crashes that are very hard to reproduce and diagnose. I required a non-threaded Apache, along with non-threaded PHP, Perl, and Python. Unfortunately, just removing thread support from metuxmpm leaves you with just one apache child handling requests for one or more virtual hosts. I created Peruser, which provides multiple processes for each unique user/group/chroot. Although it's working well so far (for me), there is a lot of room for improvement. Write the mailing list if you have questions, suggestions, or patches :) FAQ
InstallationYou're on your own after this point. Seriously, if you're not familiar with building apache, this project is not (yet) for you. Configuration Example
|