Can I run my mod_perl aplication as an ordinary user similar to running a plain vanilla CGI application under suexec?
A:
As mod_perl runs within the apache process, I would think the answer is generally no. You could, for example, run a separate apache process as this ordinary user and use the main apache process as a proxy for it.
rayners
2010-04-09 18:26:54
+1
A:
From the source:
Is it possible to run mod_perl enabled Apache as suExec?
The answer is No. The reason is that you can't "suid" a part of a process. mod_perl lives inside the Apache process, so its UID and GID are the same as the Apache process.
You have to use mod_cgi if you need this functionality.
Another solution is to use a crontab to call some script that will check whether there is something to do and will execute it. The mod_perl script will be able to create and update this todo list.
A more nuanced answer with some possible workarounds from "Practical mod_perl" book: (I hope that's not a pirated content, if it is please edit it out)
mod_perl 2.0 improves the situation, since it allows a pool of Perl interpreters to be dedicated to a single virtual host. It is possible to set the UIDs and GIDs of these interpreters to be those of the user for which the virtual host is configured, so users can operate within their own protected spaces and are unable to interfere with other users.
Additional solutions from the sme book are in appendix C2
DVK
2010-04-10 11:32:39