Feature #49
closedadd suexec
Description
allow suexec for spawning fastcgi-process under a different UID/GID.
Updated by mike503 over 17 years ago
this would only be applicable for using lighty's process spawning.
in 1.5.x though it looks like that is no longer the case. the expectation is an external program (i.e. spawn-fcgi) will handle it.
i would say "YES" to this request otherwise but it looks like the future is bringing a change anyway. i'm already using spawn-fcgi because i can't get suexec and lighty to work nicely (to clean up stuff when lighty is shut down) - originally i would have suggested a "uid" and "gid" parameter added to the fastcgi.server options... but again, that's only if lighty is handling launching it.
Updated by stbuehler almost 17 years ago
- Status changed from New to Fixed
- Resolution set to invalid
Juse use http://cyanite.org/execwrap/ or some other wrapper, and no one forbids it so why "allow" it?...
Updated by mike503 almost 17 years ago
i could not get execwrap to work properly.
also requires pre-setup engines and wrapper scripts, etc.
Updated by mike503 almost 17 years ago
doesn't that also assume you're using adaptive process spawning which is non-existent in 1.5.x?
Updated by stbuehler almost 17 years ago
Sure you need to do a little bit extra work for the wrapper, and that will certainly not change in 1.4.x.
The only way changing this is to have a "angel" process which runs as root and spawns the fastcgi backends.
If execwrap forks (and stays in background), the backend processes are killed correctly on my system; i don't know if suexec does this too.
Updated by mike503 almost 17 years ago
I've been wanting some sort of angel process type thing for a while.
It doesn't have to be Lighttpd specific but would help for people used to defining fastcgi stuff in 1.4.x and moving to 1.5.x...
Here's my ideas...
http://mikehost.com/~mike/tmp/fastcgi.txt
Updated by stbuehler almost 17 years ago
Hehe... just saw jan himself opened this ticket^^
Now: i think 1.4.x will not get new features like this, the changes are just too big.
Regarding 1.5.x, the plan was to get the spawning part into a angel process; i have some code to have adaptive spawning (but not in a angel yet, so you need execwrap), imho the main problem is that the normal config file style (defining things in conditionals) is not good for proxy balancing and adpative spawning.
Also available in: Atom