[peruser] Status of peruser and other questions
andyukguy at gmail.com
Wed Aug 26 17:09:18 MDT 2009
I've been looking into using peruser for some time now. However the
project itself isn't the easiest to get into for a newcomer:
Judging from these lists the current consensus is that dc3 is the best
current implementation/extension of the peruser code base? Is this
correct? Is there a different branch that offers more?
SSL support is now possible, but again I see it's best achieved with a
patch. Where can I get this patch? Is it maintained by anyone at a
particular site or is it best to just see what gets posted to the
I think really I'm just looking for a summary of the current "best"
combination of patches to achieve a stable, fast and feature full
peruser. 0.3 + dc3 + SSL multi virtualhost patch is my best guess?
Two more questions:
- One process runs as root and passes requests to the multiplexer.
Does this not introduce the same problems that MPM-itk has with
potential full root security holes if say mod_ssl gets exploited?
- What sort of performance should I be expecting to see from peruser?
I was lead to believe by http://blog.stuartherbert.com/php/2008/03/20/using-mpm-peruser-to-secure-a-shared-server/
that peruser gave very similar performance to mod_php + prefork.
However my experience is very much different, ab (simplistic as it is)
running 100 or 1000 requests typically sees peruser being a lot slower
e.g. 1000 requests in 0.8s for mod_php + prefork but 7s for peruser. I
tried tweaking various settings but couldn't change the results in any
significant way. Perhaps this is typical performance and I shouldn't
be worried that I'm doing something wrong?
More information about the Peruser