[peruser] Status of peruser and other questions

Andrew andyukguy at gmail.com
Wed Aug 26 17:09:18 MDT 2009


Hi folks,

I've been looking into using peruser for some time now. However the  
project itself isn't the easiest to get into for a newcomer:

Judging from these lists the current consensus is that dc3 is the best  
current implementation/extension of the peruser code base? Is this  
correct? Is there a different branch that offers more?

SSL support is now possible, but again I see it's best achieved with a  
patch. Where can I get this patch? Is it maintained by anyone at a  
particular site or is it best to just see what gets posted to the  
mailing list?

I think really I'm just looking for a summary of the current "best"  
combination of patches to achieve a stable, fast and feature full  
peruser. 0.3 + dc3 + SSL multi virtualhost patch is my best guess?

Two more questions:

- One process runs as root and passes requests to the multiplexer.  
Does this not introduce the same problems that MPM-itk has with  
potential full root security holes if say mod_ssl gets exploited?

- What sort of performance should I be expecting to see from peruser?  
I was lead to believe by http://blog.stuartherbert.com/php/2008/03/20/using-mpm-peruser-to-secure-a-shared-server/ 
  that peruser gave very similar performance to mod_php + prefork.  
However my experience is very much different, ab (simplistic as it is)  
running 100 or 1000 requests typically sees peruser being a lot slower  
e.g. 1000 requests in 0.8s for mod_php + prefork but 7s for peruser. I  
tried tweaking various settings but couldn't change the results in any  
significant way. Perhaps this is typical performance and I shouldn't  
be worried that I'm doing something wrong?

Many thanks.


More information about the Peruser mailing list