[Mono-dev] Open discussion for mono setuid per vhost

Christopher Bergström cbergstrom at netsyncro.com
Tue Dec 27 19:02:45 EST 2005


So far I've been discussing this offlist with another Mono/.Net 
developer...  I'm interested in open/honest feedback or code snippets 
which might help accomplish this..

So far there are two ways which seem reasonable so far and please pardon 
me if I'm missing some points..

1) Mono wrapper

Apache ---> mod_mono -->  mono-server-path to wrapper --> mod-mono-server

The wrapper is s+ (sticky bit) and owned by root.. It then calls the 
mod-mono-server with setuid as the desired user..

2) Patching mod_mono directly..

Apache ---> mod_mono_patched --> mod-mono-server

With the 2nd approach I'm thinking I have to compile mono with 
-DBIG_SECURITY_HOLE (have to love the naming convention) and start 
apache as root.. and then let mono setuid during the fork..

This has two big disadvantages that glare at me.. -DBIG_SECURITY_HOLE is 
named appropriately, but is owned by root and setting +s really any 
different.. Also then I have to maintain a patchset that is off mainline 
unless it's somehow contributed upstream.. (Is the -DBIG_SECURITY_HOLE 
and starting as root a must?)

I'm really not seeing a maintainable way to get around the vhosts being 
in their own environment issue.. (Just when I thought I had it whipped 
something didn't seem right.)  the end goal is to provide the following..

a) Each vhost being under it's own user
b) If a vhost crashes it automagically restarts
c) Allows apache to serve the static content (keep some of the load off 
XSP for things like images, css and etc...)
d) Minimizing memory overhead impact if the vhost counts goes into the 
hundreds..
e) Not using proxy

(On startup which even with -aot on everything seems to take the load 
average to some really high levels if you start a lot of mod-mono-servers)

Any feedback is appreciated..

C.



More information about the Mono-devel-list mailing list