[mpm-itk] mpm-itk feedback and questions

Bruccoleri, Robert (Ext) robert.bruccoleri at novartis.com
Tue May 20 14:42:46 CEST 2014

I modified mpm-itk to compile under Apache 2.4, but it didn't work as advertised. I had expected to use the module to permit the web server to access files belonging to me which the apache user did not have read access.

Unfortunately, the code first attempted to access the protected files as the apache user, and then it issued the setuid system call to change the server's UID. Obviously, this is the wrong order. The setuid call should happen first, before the files are accessed.

I solved my operational problem by creating a second instance of the web server which started execution with my UID. However, the general solution that mpm-itk advertises would still be preferable.

Thank you.

Robert Bruccoleri
robert.bruccoleri at novartis.com
Consultant for Novartis Institute for Biomedical Research
Congenomics, LLC
+1 609 902 8419

From: mpm-itk [mpm-itk-bounces at err.no] on behalf of Pavel Alexeev [forum at hubbitus.com.ru]
Sent: Monday, May 19, 2014 06:42
To: fhdata; mpm-itk at err.no
Subject: Re: [mpm-itk] mpm-itk feedback and questions


15.05.2014 03:35, fhdata wrote:
> Hello
> My relatively  comprehensive testing of mpm-itk has been very positive.
> mpm-itk's simplicity is fine but the main
> key success is that implementing
> privilege-management through mpm-itk
> is 100%/complete.  (unlike fcgid or fastcgi which is not)
> I am using httpd-itk via epel.
> Question1:
> How often mpm-itk publisher update httpd-itk
> I am downloading from epel?
> i.e. if there is a security in rhel apache (httpd)
> and they fix it,  will I see that fix reflect
> in a new httpd-itk appearing on epel -- if yes, how quickly?
> Or, is this a wrong place for me to post this question?
I'm maintainer of httpd-itk package in Fedora/epel. I try update it for
on major updates. But it is quite outdated in EPEL now, I may update to
2.4 version only in Epel7 I think. In Fedora it is fresh as possible.
Feel free fill bugreport in RedHat bugzilla any time I missing upstream
update and you are want it happen in Fedora/EPEL.
> Question2:
> How would mpm-itk scale up in a scenario of let say
> 1000 websites served of  a  six load-balanced apache server farm?
> websites are fairly dynamic but not heavily.
> Thank you,
> F-
> _______________________________________________
> mpm-itk mailing list
> mpm-itk at err.no
> http://lists.err.no/mailman/listinfo/mpm-itk

mpm-itk mailing list
mpm-itk at err.no

More information about the mpm-itk mailing list