I want to run an ASP.NET application hosted with Apache2/mod_mono as a different user than wwwrun:www in order to better protect sensitive data (avoiding chmod 777 in shared environments). I use openSUSE 11.0.
I read FAQ: ASP.NET - Mono
How can I Run mod-mono-server as a different user?
Due to apache’s design, there is no straightforward way to start processes from inside of a apache child as a specific user. Apache’s SuExec wrapper is targeting CGI and is useless for modules.
Mod_mono provides the MonoStartXSP option. You can set it to “False” and start mod-mono-server manually as the specific user. Some tinkering with the Unix socket’s permissions might be necessary, unless MonoListenPort is used, which turns on TCP between mod_mono and mod-mono-server.
Another (very risky) way: use a setuid ‘root’ wrapper for the mono executable, inspired by the sources of Apache’s SuExec.
And finally: drop mod_mono and use mod_proxy + mod_proxy_http + XSP instead. It’s slightly easier to configure, especially if you are not used to mod_mono.
I’m not a master in Apache configuration, and I have no experience with Unix sockets.
Could somebody provide me with a tutorial on how to implement what I underlined in the quote, which seems to be the easiest way?
I would like the mod-mono-server2 process to be started as user “djechelon” on system start, and maybe (using cron?) restart it periodically.
My current mod_mono configuration is the following (only lines related to mod_mono from VirtualHost)
AddHandler mono .aspx .ascx .asax .ashx .config .cs .asmx .axd
Alias / "/home/djechelon/htdocs"
Thank you in advance