SETUID APACHE

Anon

Ok, Heres the situation...

I am running PHP on Apache. Apache is running as DAEMON user. I dont want all commands executed on the system to be executed as DAEMON. I am trying to use POSIX_SETUID to actually downgrade the user to his limited privileges.
I get this error.

<< Warning: posix_setuid(#UID) failed with 'Not owner'. Must be root in /dir/file.php3 on line # >>

Does anyone know how I could successfully SETUID without having apache running as root?

thanx

Anon

You can't. Apache gives up root privileges after parsing the httpd.conf file. Since setuid needs root privileges to switch, it bails out.

Running Apache as root is stupid. What is the user does not use setuid to switch to his account? What is a stacksmash breach is discovered on Apache? Exit webserver.

HOWEVER, I have had the same problem, and for Linux I created a patch for Apache, to retain its SET[UG]ID privileges, after becoming nobody. I than patched PHP to become the user of the virtualhost just before executing the script. It works, but you have to disable setuid and friends from the posix module, since that will now allow any user to switch.