Red Hat Bugzilla – Bug 350831
reduce suexec minimum gid
Last modified: 2009-10-13 10:15:59 EDT
When installing a daemon package that can use suexec to avoid a separate httpd
instance (in my case, backuppc), one must set the UID of the package user to
greater than 500 to use suexec with its management CGI. This conflicts with the
band of UIDs reserved for end-user assignment. Ideally suexec's AP_UID_MIN
should be somewhat below 500, to allow a band of UIDs for use by system services
needing a web management interface.
See also bug 107083 and bug 127667, where the minimum GID was reduced from 500
It is rather the point of the minimum GID/UID to *avoid* being able to use
suexec with "system" users. The minimum GID was lowered only because of the
issue with the existing gid=100 users group (essentially, a migration issue).
Would it be preferable, then, to run multiple Apache instances as different
users? If so, should I enter an RFE against httpd to provide initscripts that
can launch multiple instances?
Sorry that I never responded to that question. Really the only "preferable" option here is to ensure both your uids and gids are >= 500.
Marking closed since the minimum uid is set deliberately for security purposes; apologies that this is unsatisfying for some deployments.
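
Added example, not part of the bug thread or of httpd: a small audit that reads the compiled-in floors from `suexec -V` output and reports which accounts suexec would refuse on UID/GID grounds. The sample `suexec -V` text and passwd entries are constructed, the account numbers are illustrative, and the check assumes the account's primary group is the one suexec is asked to use.

```python
import re

# Constructed sample of `suexec -V` output (values follow the thread: uid 500, gid 100).
SAMPLE_SUEXEC_V = """\
 -D AP_DOC_ROOT="/var/www"
 -D AP_GID_MIN=100
 -D AP_HTTPD_USER="apache"
 -D AP_UID_MIN=500
"""

# Constructed passwd entries: a service account below the floor, a regular user above it.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
backuppc:x:496:493:BackupPC:/var/lib/BackupPC:/sbin/nologin
alice:x:501:501:Alice:/home/alice:/bin/bash
"""

def parse_minimums(suexec_v):
    """Return {'AP_UID_MIN': int, 'AP_GID_MIN': int} parsed from `suexec -V` text."""
    found = dict(re.findall(r"-D\s+(AP_[UG]ID_MIN)=(\d+)", suexec_v))
    missing = {"AP_UID_MIN", "AP_GID_MIN"} - found.keys()
    if missing:
        raise ValueError(f"missing from suexec -V output: {sorted(missing)}")
    return {k: int(v) for k, v in found.items()}

def audit(passwd_text, minimums):
    """Map each account name to the reasons suexec would refuse it (empty list = accepted)."""
    report = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 4:
            continue  # skip comments and malformed entries
        name, uid, gid = fields[0], int(fields[2]), int(fields[3])
        reasons = []
        if uid < minimums["AP_UID_MIN"]:
            reasons.append(f"uid {uid} < AP_UID_MIN {minimums['AP_UID_MIN']}")
        if gid < minimums["AP_GID_MIN"]:
            reasons.append(f"gid {gid} < AP_GID_MIN {minimums['AP_GID_MIN']}")
        report[name] = reasons
    return report

if __name__ == "__main__":
    mins = parse_minimums(SAMPLE_SUEXEC_V)
    for name, reasons in audit(SAMPLE_PASSWD, mins).items():
        print(name, "OK" if not reasons else "; ".join(reasons))
```

On a real host, feed it the output of `suexec -V` (run as root) and the contents of /etc/passwd in place of the constructed samples.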