Does apache have to run as the site owner?

Paul Holman
Wed Jan 23 23:29:01 2002

It might work to just leave your Apache setup the way it is and put a 
.gnupg directory with keyrings inside your htdocs directory.  You might 
want to extra-protect it with .htaccess rules as well since your keys 
would be in there.

Just a thought.  Also, I think you can override all the $HOME specific 
stuff with command line flags on GPG which would eliminate the 
dependency on user environment.


On Wednesday, January 23, 2002, at 03:22 AM, Adrian Teasdale wrote:

> Hi
> we have a problem that with PHP we can't see the keys in our virtual 
> hosting
> accounts.  This is what our programmer sent to me (as I'm a non-tech).  
> Does
> this make sense? ....
> This is what we have found in httpd.conf:
> # If you wish httpd to run as a different user or group, you must run
> # httpd as root initially and it will switch.
> #
> # User/Group: The name (or #number) of the user/group to run httpd as.
> #  . On SCO (ODT 3) use "User nouser" and "Group nogroup".
> #  . On HPUX you may not be able to use shared memory as nobody, and the
> #    suggested workaround is to create a user www and use that user.
> #  NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
> #  when the value of (unsigned)Group is above 60000;
> #  don't use Group nobody on these systems!
> #
> --------------------------------------------------------------------------
> So apache runs as nobody:nobody. This is Ok until we need to
> communicate with PGP tools. In order to do this we need apache to run
> under right user ID. For example site should run as
> dmail:dmail. Only then we are able to get right pgp keys and work with
> them.
> So can you help us to configure apache in this way
> 1. We need to know if apache runs as root and so it is possible to
> switch user ID for it.
> 2. Can we use cpanel to change user/group for every site?
> 3. If we cannot then can we manually edit httpd.conf to add
> for that sites.
> Thanks in advance
> Ade
> _______________________________________________
> Gnupg-users mailing list
Paul Holman
Kadrevian Nonlinear Accelerator