<summary>
<p>This module enables different Virtual Hosts to run with different
Unix <var>User</var> and <var>Group</var> IDs, and with different
-<a href="http://sosc-dr.sun.com/bigadmin/features/articles/least_privilege.jsp"
+<a href="https://docs.oracle.com/cd/E19253-01/816-4863/6mb20lvfd/index.html"
>Solaris Privileges</a>. In particular, it offers a solution to the
problem of privilege separation between different Virtual Hosts, first
promised by the abandoned perchild MPM. It also offers other security
under which the server will process requests to a virtualhost.
The userid is set before the request is processed and reset afterwards
using <a
- href="http://sosc-dr.sun.com/bigadmin/features/articles/least_privilege.jsp"
+ href="https://docs.oracle.com/cd/E19253-01/816-4863/6mb20lvfd/index.html"
>Solaris Privileges</a>. Since the setting applies to the
<em>process</em>, this is not compatible with threaded MPMs.</p>
<p><var>Unix-userid</var> is one of:</p>
under which the server will process requests to a virtualhost.
The group is set before the request is processed and reset afterwards
using <a
- href="http://sosc-dr.sun.com/bigadmin/features/articles/least_privilege.jsp"
+ href="https://docs.oracle.com/cd/E19253-01/816-4863/6mb20lvfd/index.html"
>Solaris Privileges</a>. Since the setting applies to the
<em>process</em>, this is not compatible with threaded MPMs.</p>
<p><var>Unix-group</var> is one of:</p>
<usage>
<p>Determines whether the virtual host processes requests with
security enhanced by removal of <a
- href="http://sosc-dr.sun.com/bigadmin/features/articles/least_privilege.jsp"
+ href="https://docs.oracle.com/cd/E19253-01/816-4863/6mb20lvfd/index.html"
>Privileges</a> that are rarely needed in a webserver, but which are
available by default to a normal Unix user and may therefore
be required by modules and applications. It is recommended that
<usage>
<p>Determines whether the virtual host is allowed to run fork and exec,
the <a
- href="http://sosc-dr.sun.com/bigadmin/features/articles/least_privilege.jsp"
+ href="https://docs.oracle.com/cd/E19253-01/816-4863/6mb20lvfd/index.html"
>privileges</a> required to run subprocesses. If this is set to
<var>Off</var> the virtualhost is denied the privileges and will not
be able to run traditional CGI programs or scripts under the traditional
<usage>
<p>This server-wide directive determines whether Apache will run with
the <a
- href="http://sosc-dr.sun.com/bigadmin/features/articles/least_privilege.jsp"
+ href="https://docs.oracle.com/cd/E19253-01/816-4863/6mb20lvfd/index.html"
>privileges</a> required to run
- <a href="http://sosc-dr.sun.com/bigadmin/content/dtrace/">dtrace</a>.
+ <a href="https://docs.oracle.com/cd/E19253-01/819-5488/gbwaz/index.html">dtrace</a>.
Note that <var>DTracePrivileges On</var> will not in itself
activate DTrace, but <var>DTracePrivileges Off</var> will prevent
it working.</p>
<usage>
<p><directive>VHostPrivs</directive> can be used to assign arbitrary <a
- href="http://sosc-dr.sun.com/bigadmin/features/articles/least_privilege.jsp"
+ href="https://docs.oracle.com/cd/E19253-01/816-4863/6mb20lvfd/index.html"
>privileges</a> to a virtual host. Each <var>privilege-name</var>
is the name of a Solaris privilege, such as <var>file_setid</var>
or <var>sys_nfs</var>.</p>
<usage>
<p><directive>VHostCGIPrivs</directive> can be used to assign arbitrary <a
- href="http://sosc-dr.sun.com/bigadmin/features/articles/least_privilege.jsp"
+ href="https://docs.oracle.com/cd/E19253-01/816-4863/6mb20lvfd/index.html"
>privileges</a> to subprocesses created by a virtual host, as discussed
under <directive>VHostCGIMode</directive>. Each <var>privilege-name</var>
is the name of a Solaris privilege, such as <var>file_setid</var>
projects / thirdparty / apache / httpd.git / commitdiff
