[Mono-list] mod_mono in a shared hosting environment

Jesse Pasichnyk jesse at pasichnyk.net
Mon Nov 28 13:27:37 EST 2005


David,

I made a post this last weekend when I was trying to get mod-mono-server
running in a chroot jail.  See, I am trying to do the same thing and exec my
mod-mono-server instances as each user that owns the site, but since these
users are chrooted, initializing the mod-mono-server fails.

How are you actually starting the process as the user?  Just with a:

su - username -c [command to start mod-mono-server on the application]

or programmatically via setuid/setgid?

I believe we are trying to do the same thing here.  I however didn't get
back a reply yet on my chroot issues.

If I hear anything I'll keep you posted,

Jesse

-----Original Message-----
From: mono-list-bounces at lists.ximian.com
[mailto:mono-list-bounces at lists.ximian.com] On Behalf Of 'David Darville'
Sent: Monday, November 28, 2005 3:00 AM
To: mono-list at lists.ximian.com
Subject: Re: [Mono-list] mod_mono in a shared hosting environment

On Wed, Nov 23, 2005 at 12:32:16PM -0800, Jesse Pasichnyk wrote:
> Hi David,
>
> There have been several posts about this sort of thing in the past (from me
> and others), and I think the consensus is it's probably better to run
> standalone xsp servers per site.  That way you can chroot the xsp (optional
> of course) as well as run it as the user who owns the site.  This would
> limit the problem of bad users or exploited sites doing too much damage.  I
> believe people also argue against mod_mono because that would tie the GC
> instance to the apache server in some sorts (I'm not aware of how that works
> though, someone else may be able to provide more reasoning behind it).  If
> you do choose to run separate xsp instances you could use mod_proxy to set up
> forward and reverse proxies to the xsp instance.  This could be initially
> just set up running xsp instances on ports of 127.0.0.1, but could be in the
> future scaled out to multiple application servers.

Currently I am working on a proxy to put between mod_mono and
mod-mono-server.exe, which executes the mod-mono-server.exe instances for
each customer, using separate uids for each domain, which does limit how
much one customer can access the files of all other customers, but we still
have a lot of customers who do not set proper permissions on their files, and
therefore there are still plenty of files belonging to other files which are
accessible.
And to eliminate that problem we need to be able to limit which files a
mono/mod-mono-server.exe instance can access, before we can implement it in
our production environment. And therefore I am now asking about the
possibility of such a functionality getting implemented in
mono/mod-mono-server.exe.

---

David Darville
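
The gap David describes, where separate UIDs do not help when customers leave loose file modes, can be checked mechanically. The following is an added example, not code from this thread or from the Mono project: a Python audit that lists what another UID could read or write inside one site tree, descending only through directories an outsider can traverse. The names `audit_site` and `build_sample_tree` and the sample layout are constructed for illustration, and the directories above the site root are assumed to be traversable.

```python
import os
import stat
import tempfile

def _outsider_bits(mode, include_group):
    """Return the rwx bits that apply to a UID other than the file's owner."""
    bits = mode & 0o007
    if include_group:  # assumption: all customers share one Unix group
        bits |= (mode >> 3) & 0o007
    return bits

def audit_site(site_root, include_group=False):
    """Return sorted (relative path, access) pairs that other UIDs can reach."""
    findings = []
    if not _outsider_bits(os.lstat(site_root).st_mode, include_group) & 0o1:
        return findings  # root is not searchable, so nothing below is reachable
    for dirpath, dirnames, filenames in os.walk(site_root):
        reachable = []
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            is_dir = stat.S_ISDIR(st.st_mode)
            if not (is_dir or stat.S_ISREG(st.st_mode)):
                continue  # skip symlinks, sockets and devices
            bits = _outsider_bits(st.st_mode, include_group)
            rel = os.path.relpath(path, site_root)
            if bits & 0o2:
                findings.append((rel, "writable"))
            if bits & 0o4 and not is_dir:
                findings.append((rel, "readable"))
            if is_dir and bits & 0o1:
                reachable.append(name)
        dirnames[:] = reachable  # descend only where an outsider can traverse
    return sorted(findings)

def build_sample_tree():
    """Build a constructed sample site in a temp dir (hypothetical layout)."""
    root = tempfile.mkdtemp()
    dirs = {"private": 0o700, "upload": 0o777, "bin": 0o750}
    files = {"private/secret.txt": 0o644, "upload/a.txt": 0o600,
             "bin/app.dll": 0o640, "web.config": 0o644}
    for rel in dirs:
        os.mkdir(os.path.join(root, rel))
    for rel in files:
        open(os.path.join(root, rel), "w").close()
    for rel, mode in {".": 0o755, **dirs, **files}.items():
        os.chmod(os.path.join(root, rel), mode)  # set modes last
    return root
```

Run `audit_site` as root or as the site owner so the walk itself is not blocked; a file with mode 0644 inside a 0700 directory is correctly left out, because no other UID can reach it.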