A while back there was some interesting discussion of
apache2-mpm-itk on this list.

The big advantage is that this Multi-Processing Module lets you
easily set the user and group a particular Apache virtual server
runs as. If everything isn't running as www-data, it is harder
for a compromised script on one site to wreak havoc on another site.

mpm-itk requires much less config and hassle than suexec, suphp and
friends.

I've recently come across a couple quirks:

1) libapache2-mod-security2 runs as the user you set in your
virtual server configuration, so at least if you have:

SecAuditLogType Concurrent

...then

SecAuditLogStorageDir

...needs to be world writable.

2) libapache2-mod-cband segfaults

Probably for #1, SecAuditLogStorageDir can be set per virtual
host, so no big deal.

I'll file a proper bug report on #2, but thought I'd kick this
to the group first.
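
The per-virtual-host setup suggested for quirk #1, sketched as an added example that is not part of the original post. Site names, users and paths are constructed placeholders; it assumes mpm-itk and mod_security2 are loaded and that each directory is created in advance for its own user.

```apache
# Constructed example: hostnames, users and paths are placeholders.
#
# Shared layout (the quirk from the post): every vhost writes audit
# entries as its own user into one directory, so that directory has
# to be world writable.
#   SecAuditLogType Concurrent
#   SecAuditLogStorageDir /var/log/modsec_audit
#
# Per-vhost layout: one directory per site, owned by the user that
# vhost runs as and closed to everyone else. Create them beforehand:
#   install -d -o root  -g root  -m 0755 /var/log/modsec_audit
#   install -d -o site1 -g site1 -m 0750 /var/log/modsec_audit/site1
#   install -d -o site2 -g site2 -m 0750 /var/log/modsec_audit/site2
# The parent directory must be traversable by the vhost users.

<VirtualHost *:80>
    ServerName site1.example.org
    DocumentRoot /srv/www/site1

    # mpm-itk: requests for this vhost are handled as site1:site1
    AssignUserID site1 site1

    SecAuditEngine RelevantOnly
    SecAuditLogType Concurrent
    SecAuditLog /var/log/modsec_audit/site1/index.log
    SecAuditLogStorageDir /var/log/modsec_audit/site1
    # Keep entries written by mod_security readable by owner/group only
    SecAuditLogDirMode 0750
    SecAuditLogFileMode 0640
</VirtualHost>

<VirtualHost *:80>
    ServerName site2.example.org
    DocumentRoot /srv/www/site2

    AssignUserID site2 site2

    SecAuditEngine RelevantOnly
    SecAuditLogType Concurrent
    SecAuditLog /var/log/modsec_audit/site2/index.log
    SecAuditLogStorageDir /var/log/modsec_audit/site2
    SecAuditLogDirMode 0750
    SecAuditLogFileMode 0640
</VirtualHost>
```

With this layout a script running as site2 cannot read or tamper with audit entries recorded for site1.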


