Differences between revisions 1 and 2

mod_privsep to do list

Scalability / Parallelism
- Use a pool of privileged processes instead of a single privileged process (although at present only open/stat is done in the privileged process and read/write is performed in the workers as usual so this does not have too much of impact on performance unless something like NFS is being used)
Overhead of PAM authentication for each request
- Implement some form of authentication caching
Overhead of setgroups in each privileged operation
- The code currently doesn't setup all of the supplemental groups due to the overhead of setgroups. One solution would be to route requests to a pooled process that is already switched to to the required user (would require privileged process pooling infrastructure)
Support properties properly
- Properties support in the current patches are not fully supported as the property dbm calls are not privilege separated and thus get Permission Denied.
- One possibility for easily supporting privilege separated properties is to implement Extended Attribute support (xattrs) in APR and then make a mod_dav_fs_props_xattr module that uses the xattr API instead of dbm files. A patch for APR xattrs is here: http://issues.apache.org/bugzilla/show_bug.cgi?id=44127
  - Work is underway to make mod_privsep privilege separate extended attributes which will make properties work correctly.
Better support for quotas
- Some code paths in mod_dav need to be changed to expect EDQUOT instead of ENOSPC so that correct error reporting for disk full conditions is done
- Implement diskfree using quotactl similarly to this patch that adds disk free properties (support by Mac OS X WebDAV client) http://www.carrel.org/files/dav-diskfree.patch

Deletions are marked like this.	Additions are marked like this.
Line 12:	Line 12:
	* Work is underway to make mod_privsep privilege separate extended attributes which will make properties work correctly.