mod_diffprivs - makes apache configurable to work under a different uid and gid
	on every <VirtualServer>
Software distributed under GNU GPL license, see LICENSE file for details.
Author: Lukasz Wojtow <lw@wszia.edu.pl>
Current version at: http://euromedia.pl/~lw/

I know there are already the directives User and Group, even on VirtualServer,
but these directives affect only suExec. This does not solve the problem with
php compiled into apache: safe_mode can be bypassed again ("... load data from
file..." in sql queries), hardlinks may be created to other users' files (with a
standard kernel; I don't know how it looks on Unices other than Linux/FreeBSD),
and the apache user has to be able to read all files and chdir into all
directories. This module provides _real_ work as a different user and group,
not only for cgi scripts.  Usage is very simple:
	Privs username groupname [chrootdir]
This makes apache try to change its uid to username's uid and its gid to
groupname's gid. If setuid() or setgid() fails, apache will display error
page 403 and write an error message to the logs. You must run apache as root
(directives User and Group in the main server configuration) and change it
by setting
	Privs normaleuser normalgroup
Relax, the function changing uid and gid is called first after a request is
received. It looks like this:
accept()
read request,
open() /etc/group
setgid()
open() /etc/passwd
setuid()
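
The same sequence as a stand-alone C program, added here as an illustration (it is not mod_diffprivs source code). The names switch_ids, privs_switch and HTTP_FORBIDDEN are made up for this example, and two things in it are not in the list above: both names are resolved before any id is changed, and root's supplementary groups are cleared before setgid().

```c
/* Added example; switch_ids, privs_switch and HTTP_FORBIDDEN are made-up names. */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#define HTTP_FORBIDDEN 403

/* Switch the calling process to uid/gid. Returns 0, or 403 to refuse the request. */
int switch_ids(uid_t uid, gid_t gid)
{
    /* Not in the README's list: root's supplementary groups survive
     * setgid()/setuid(), so replace them while we are still allowed to. */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return HTTP_FORBIDDEN;
    /* Group first: after setuid() to a non-root uid, setgid() would fail. */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return HTTP_FORBIDDEN;
    /* Check that the switch is complete: getting root back must fail. */
    if (uid != 0 && setuid(0) == 0)
        return HTTP_FORBIDDEN;
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return HTTP_FORBIDDEN;
    return 0;
}

/* Resolve the two arguments of "Privs username groupname", then switch. */
int privs_switch(const char *user, const char *group)
{
    struct group *gr = getgrnam(group);        /* open() /etc/group  */
    if (gr == NULL)
        return HTTP_FORBIDDEN;
    gid_t gid = gr->gr_gid;                    /* copy before the next lookup */
    struct passwd *pw = getpwnam(user);        /* open() /etc/passwd */
    if (pw == NULL)
        return HTTP_FORBIDDEN;
    return switch_ids(pw->pw_uid, gid);
}

/* usage (as root): ./a.out username groupname */
int main(int argc, char **argv)
{
    int rc = (argc == 3) ? privs_switch(argv[1], argv[2]) : HTTP_FORBIDDEN;
    printf("status=%d uid=%d gid=%d\n", rc, (int)getuid(), (int)getgid());
    return rc != 0;
}
```

Once switch_ids() has succeeded in a process started as root, that process can neither return to root nor move on to another user's uid.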

After that, normal operations continue. If You don't want to run apache as
root and You are using Linux 2.2, there is another way. Specially for this
module I wrote a kernel module for Linux 2.2 - ais (Allow *Id Switching). See
http://euromedia.pl/~lw/ for details.
To use this module You should probably set in httpd.conf:
	MaxRequestsPerChild 1
and slightly increase StartServers to avoid a performance decrease.
Currently I want to finish mod_diffprivs and make apache call chroot() (this
is not done yet) into a different directory for each VirtualServer. This will
increase security a lot, but once again: only root can call chroot() and
I don't want to run apache as root, so currently I'm writing a module similar
to ais, but one that allows chroot() calls for selected users to selected dirs.


Well, that's all. Thanks for reading it. If it is useful for You, please mail
me, just for statistics. If You have any suggestions or You are interested in
contacting me, feel free, my email is at the top. Best regards and enjoy :).
	Lukasz Wojtow

Dedicated to Dire Straits

/*
	There's so many different worlds,
	So many different suns,
	And we have just one world,
	But we live in different ones.
*/
