manual/mod/mod_privileges.xml

<?xml version="1.0"?>
<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
<!-- $LastChangedRevision$ -->

<!--
 Licensed to the Apache Software Foundation (ASF) under one or more
 contributor license agreements.  See the NOTICE file distributed with
 this work for additional information regarding copyright ownership.
 The ASF licenses this file to You under the Apache License, Version 2.0
 (the "License"); you may not use this file except in compliance with
 the License.  You may obtain a copy of the License at

     http://www.apache.org/licenses/LICENSE-2.0

 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
-->

<modulesynopsis metafile="mod_privileges.xml.meta">

<name>mod_privileges</name>
<description>Support for Solaris privileges and for running virtual hosts
under different user IDs.</description>
<status>Experimental</status>
<identifier>privileges_module</identifier>
<compatibility>Available in Apache 2.3 and up, on Solaris 10 and
OpenSolaris platforms</compatibility>

<summary>
<p>This module enables different Virtual Hosts to run with different
Unix&trade; <var>User</var> and <var>Group</var> IDs, and with different
<a href="http://www.sun.com/bigadmin/features/articles/least_privilege.jsp"
>Solaris Privileges</a>.  In particular, it offers a solution to the
problem of privilege separation between different Virtual Hosts, first
promised by the abandoned <module>perchild</module> MPM.
It also offers other security enhancements.</p>

<p>Unlike <module>perchild</module>, <module>mod_privileges</module>
is not itself an MPM.  It works <em>within</em> a processing model to
set privileges and User/Group <em>per request</em> in a running process.
It is therefore not compatible with a threaded MPM, and will refuse
to run under one.</p>

<p><module>mod_privileges</module> raises security issues similar to
those of <a href="../suexec.html">suexec</a>.  But unlike suexec,
it applies not only to CGI programs but to the entire request processing
cycle, including in-process applications and subprocesses.
It is ideally suited to running PHP applications under <strong>mod_php</strong>,
which is also incompatible with threaded MPMs.  It is also well-suited
to other in-process scripting applications such as <strong>mod_perl</strong>,
<strong>mod_python</strong>, and <strong>mod_ruby</strong>, and to
applications implemented in C as apache modules where privilege
separation is an issue.</p>

</summary>

<directivesynopsis>
<name>VHostUser</name>
<description>Sets the User ID under which a virtual host runs.</description>
<syntax>VHostUser <var>unix-userid</var></syntax>
<default>Inherits the userid specified in
<directive module="mod_unixd">User</directive></default>
<contextlist><context>virtual host</context></contextlist>
<compatibility>Available on Solaris 10 and OpenSolaris with
non-threaded MPMs (<module>prefork</module> or custom MPM).</compatibility>

<usage>
    <p>The <directive>VHostUser</directive> directive sets the Unix userid
    under which the server will process requests to a virtualhost.
    The userid is set before the request is processed and reset afterwards
    using <a
    href="http://www.sun.com/bigadmin/features/articles/least_privilege.jsp"
    >Solaris Privileges</a>.  Since the setting applies to the
    <em>process</em>, this is not compatible with threaded MPMs.</p>
    <p><var>Unix-userid</var> is one of:</p>
    <dl>
      <dt>A username</dt>
      <dd>Refers to the given user by name.</dd>

      <dt><code>#</code> followed by a user number.</dt>
      <dd>Refers to a user by its number.</dd>
    </dl>

    <note type="warning"><title>Security</title>
    <p>This directive cannot be used to run apache as root!
    Nevertheless, it opens potential security issues similar to
    those discussed in the <a href="../suexec.html">suexec</a>
    documentation.</p></note>
</usage>
<seealso><directive module="mod_unixd">User</directive></seealso>
<seealso><directive module="mod_suexec">SuexecUserGroup</directive></seealso>
</directivesynopsis>

<directivesynopsis>
<name>VHostGroup</name>
<description>Sets the Group ID under which a virtual host runs.</description>
<syntax>VHostGroup <var>unix-groupid</var></syntax>
<default>Inherits the group id specified in
<directive module="mod_unixd">Group</directive></default>
<contextlist><context>virtual host</context></contextlist>
<compatibility>Available on Solaris 10 and OpenSolaris with
non-threaded MPMs (<module>prefork</module> or custom MPM).</compatibility>

<usage>
    <p>The <directive>VHostGroup</directive> directive sets the Unix group
    under which the server will process requests to a virtualhost.
    The group is set before the request is processed and reset afterwards
    using <a
    href="http://www.sun.com/bigadmin/features/articles/least_privilege.jsp"
    >Solaris Privileges</a>.  Since the setting applies to the
    <em>process</em>, this is not compatible with threaded MPMs.</p>
    <p><var>Unix-group</var> is one of:</p>
    <dl>
      <dt>A group name</dt>
      <dd>Refers to the given group by name.</dd>

      <dt><code>#</code> followed by a group number.</dt>
      <dd>Refers to a group by its number.</dd>
    </dl>

    <note type="warning"><title>Security</title>
    <p>This directive cannot be used to run apache as root!
    Nevertheless, it opens potential security issues similar to
    those discussed in the <a href="../suexec.html">suexec</a>
    documentation.</p></note>
</usage>
<seealso><directive module="mod_unixd">Group</directive></seealso>
<seealso><directive module="mod_suexec">SuexecUserGroup</directive></seealso>
</directivesynopsis>

<directivesynopsis>
<name>VHostSecure</name>
<description>Determines whether the server runs with enhanced security
for the virtualhost.</description>
<syntax>VHostSecure On|Off</syntax>
<default>VHostSecure On</default>
<contextlist><context>virtual host</context></contextlist>
<compatibility>Available on Solaris 10 and OpenSolaris with
non-threaded MPMs (<module>prefork</module> or custom MPM).</compatibility>

<usage>
    <p>Determines whether the virtual host processes requests with
    security enhanced by removal of <a
    href="http://www.sun.com/bigadmin/features/articles/least_privilege.jsp"
    >Privileges</a> that are rarely needed in a webserver, but which are
    available by default to a normal Unix user and may therefore
    be required by modules and applications.  It is recommended that
    you retain the default (On) unless it prevents an application running.
    Since the setting applies to the <em>process</em>, this is not
    compatible with threaded MPMs.</p>
    <note><title>Note</title>
    <p>If <directive>VHostSecure</directive> prevents an application
    running, this may be a warning sign that the application should be
    reviewed for security.</p></note>
</usage>
</directivesynopsis>

<directivesynopsis>
<name>VHostCGIMode</name>
<description>Determines whether the virtualhost can run
subprocesses, and the privileges available to subprocesses.</description>
<syntax>VHostCGIMode On|Off|Secure</syntax>
<default>VHostCGIMode On</default>
<contextlist><context>virtual host</context></contextlist>
<compatibility>Available on Solaris 10 and OpenSolaris with
non-threaded MPMs (<module>prefork</module> or custom MPM).</compatibility>

<usage>
    <p>Determines whether the virtual host is allowed to run fork and exec,
    the <a
    href="http://www.sun.com/bigadmin/features/articles/least_privilege.jsp"
    >privileges</a> required to run subprocesses.  If this is set to
    <var>Off</var> the virtualhost is denied the privileges and will not
    be able to run traditional CGI programs or scripts under the traditional
    <module>mod_cgi</module>, nor similar external programs such as those
    created by <module>mod_ext_filter</module> or
    <directive module="mod_rewrite">RewriteMap</directive> <var>prog</var>.
    Note that it does not prevent CGI programs running under alternative
    process and security models such as <a href="http://fastcgi.coremail.cn"
    >mod_fcgid</a>, which is a recommended solution in Solaris.</p>
    <p>If set to <var>On</var> or <var>Secure</var>, the virtual host
    is permitted to run external programs and scripts as above.
    Setting <directive>VHostCGIMode</directive> <var>Secure</var> has
    the effect of denying privileges to the subprocesses, as described
    for <directive>VHostSecure</directive>.</p>
</usage>
</directivesynopsis>

<directivesynopsis>
<name>DTracePrivileges</name>
<description>Determines whether the privileges required by dtrace are enabled.</description>
<syntax>DTracePrivileges On|Off</syntax>
<default>DTracePrivileges Off</default>
<contextlist><context>server config</context></contextlist>
<compatibility>Available on Solaris 10 and OpenSolaris with
non-threaded MPMs (<module>prefork</module> or custom MPM).</compatibility>

<usage>
    <p>This server-wide directive determines whether Apache will run with
    the <a
    href="http://www.sun.com/bigadmin/features/articles/least_privilege.jsp"
    >privileges</a> required to run
    <a href="http://www.sun.com/bigadmin/content/dtrace/">dtrace</a>.
    Note that <var>DTracePrivileges On</var> will not in itself
    activate DTrace, but <var>DTracePrivileges Off</var> will prevent
    it working.</p>
</usage>
</directivesynopsis>

<directivesynopsis>
<name>VHostPrivs</name>
<description>Assign arbitrary privileges to a virtual host.</description>
<syntax>VHostPrivs [+-]?<var>privilege-name</var> [[+-]?privilege-name] ...</syntax>
<default>None</default>
<contextlist><context>virtual host</context></contextlist>
<compatibility>Available on Solaris 10 and OpenSolaris with
non-threaded MPMs (<module>prefork</module> or custom MPM).
and when <module>mod_privileges</module> is compiled with the
<var>BIG_SECURITY_HOLE</var> compile-time option.</compatibility>

<usage>
    <p><directive>VHostPrivs</directive> can be used to assign arbitrary <a
    href="http://www.sun.com/bigadmin/features/articles/least_privilege.jsp"
    >privileges</a> to a virtual host.  Each <var>privilege-name</var>
    is the name of a Solaris privilege, such as <var>file_setid</var>
    or <var>sys_nfs</var>.</p>

    <p>A <var>privilege-name</var> may optionally be prefixed by
    + or -, which will respectively allow or deny a privilege.
    If used with neither + nor -, all privileges otherwise assigned
    to the virtualhost will be denied.  You can use this to override
    any of the default sets and construct your own privilege set.</p>

    <note type="warning"><title>Security</title>
    <p>This directive can open huge security holes in apache, up to
    and including running requests with root-level powers.  Do not
    use it unless you fully understand what you are doing!</p></note>
</usage>
</directivesynopsis>

<directivesynopsis>
<name>VHostCGIPrivs</name>
<description>Assign arbitrary privileges to subprocesses created
by a virtual host.</description>
<syntax>VHostPrivs [+-]?<var>privilege-name</var> [[+-]?privilege-name] ...</syntax>
<default>None</default>
<contextlist><context>virtual host</context></contextlist>
<compatibility>Available on Solaris 10 and OpenSolaris with
non-threaded MPMs (<module>prefork</module> or custom MPM)
and when <module>mod_privileges</module> is compiled with the
<var>BIG_SECURITY_HOLE</var> compile-time option.</compatibility>

<usage>
    <p><directive>VHostCGIPrivs</directive> can be used to assign arbitrary <a
    href="http://www.sun.com/bigadmin/features/articles/least_privilege.jsp"
    >privileges</a> to subprocesses created by a virtual host, as discussed
    under <directive>VHostCGIMode</directive>.  Each <var>privilege-name</var>
    is the name of a Solaris privilege, such as <var>file_setid</var>
    or <var>sys_nfs</var>.</p>

    <p>A <var>privilege-name</var> may optionally be prefixed by
    + or -, which will respectively allow or deny a privilege.
    If used with neither + nor -, all privileges otherwise assigned
    to the virtualhost will be denied.  You can use this to override
    any of the default sets and construct your own privilege set.</p>

    <note type="warning"><title>Security</title>
    <p>This directive can open huge security holes in apache subprocesses,
    up to and including running them with root-level powers.  Do not
    use it unless you fully understand what you are doing!</p></note>
</usage>
</directivesynopsis>


</modulesynopsis>
1	niq	713961	<?xml version="1.0"?>
2			<!DOCTYPE modulesynopsis SYSTEM "../style/modulesynopsis.dtd">
3			<?xml-stylesheet type="text/xsl" href="../style/manual.en.xsl"?>
4	rpluem	718015	<!-- $LastChangedRevision$ -->
5	niq	713961
6			<!--
7			Licensed to the Apache Software Foundation (ASF) under one or more
8			contributor license agreements. See the NOTICE file distributed with
9			this work for additional information regarding copyright ownership.
10			The ASF licenses this file to You under the Apache License, Version 2.0
11			(the "License"); you may not use this file except in compliance with
12			the License. You may obtain a copy of the License at
13
14			http://www.apache.org/licenses/LICENSE-2.0
15
16			Unless required by applicable law or agreed to in writing, software
17			distributed under the License is distributed on an "AS IS" BASIS,
18			WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
19			See the License for the specific language governing permissions and
20			limitations under the License.
21			-->
22
23			<modulesynopsis metafile="mod_privileges.xml.meta">
24
25			<name>mod_privileges</name>
26			<description>Support for Solaris privileges and for running virtual hosts
27			under different user IDs.</description>
28			<status>Experimental</status>
29			<identifier>privileges_module</identifier>
30			<compatibility>Available in Apache 2.3 and up, on Solaris 10 and
31			OpenSolaris platforms</compatibility>
32
33			<summary>
34			<p>This module enables different Virtual Hosts to run with different
35			Unix™ <var>User</var> and <var>Group</var> IDs, and with different
36			<a href="http://www.sun.com/bigadmin/features/articles/least_privilege.jsp"
37			>Solaris Privileges</a>. In particular, it offers a solution to the
38			problem of privilege separation between different Virtual Hosts, first
39			promised by the abandoned <module>perchild</module> MPM.
40			It also offers other security enhancements.</p>
41
42			<p>Unlike <module>perchild</module>, <module>mod_privileges</module>
43			is not itself an MPM. It works <em>within</em> a processing model to
44			set privileges and User/Group <em>per request</em> in a running process.
45			It is therefore not compatible with a threaded MPM, and will refuse
46			to run under one.</p>
47
48			<p><module>mod_privileges</module> raises security issues similar to
49			those of <a href="../suexec.html">suexec</a>. But unlike suexec,
50			it applies not only to CGI programs but to the entire request processing
51			cycle, including in-process applications and subprocesses.
52			It is ideally suited to running PHP applications under <strong>mod_php</strong>,
53			which is also incompatible with threaded MPMs. It is also well-suited
54			to other in-process scripting applications such as <strong>mod_perl</strong>,
55			<strong>mod_python</strong>, and <strong>mod_ruby</strong>, and to
56			applications implemented in C as apache modules where privilege
57			separation is an issue.</p>
58
59			</summary>
60
61			<directivesynopsis>
62			<name>VHostUser</name>
63			<description>Sets the User ID under which a virtual host runs.</description>
64			<syntax>VHostUser <var>unix-userid</var></syntax>
65			<default>Inherits the userid specified in
66			<directive module="mod_unixd">User</directive></default>
67			<contextlist><context>virtual host</context></contextlist>
68			<compatibility>Available on Solaris 10 and OpenSolaris with
69			non-threaded MPMs (<module>prefork</module> or custom MPM).</compatibility>
70
71			<usage>
72			<p>The <directive>VHostUser</directive> directive sets the Unix userid
73			under which the server will process requests to a virtualhost.
74			The userid is set before the request is processed and reset afterwards
75			using <a
76			href="http://www.sun.com/bigadmin/features/articles/least_privilege.jsp"
77			>Solaris Privileges</a>. Since the setting applies to the
78			<em>process</em>, this is not compatible with threaded MPMs.</p>
79			<p><var>Unix-userid</var> is one of:</p>
80			<dl>
81			<dt>A username</dt>
82			<dd>Refers to the given user by name.</dd>
83
84			<dt><code>#</code> followed by a user number.</dt>
85			<dd>Refers to a user by its number.</dd>
86			</dl>
87
88			<note type="warning"><title>Security</title>
89			<p>This directive cannot be used to run apache as root!
90			Nevertheless, it opens potential security issues similar to
91			those discussed in the <a href="../suexec.html">suexec</a>
92			documentation.</p></note>
93			</usage>
94			<seealso><directive module="mod_unixd">User</directive></seealso>
95			<seealso><directive module="mod_suexec">SuexecUserGroup</directive></seealso>
96			</directivesynopsis>
97
98			<directivesynopsis>
99			<name>VHostGroup</name>
100			<description>Sets the Group ID under which a virtual host runs.</description>
101			<syntax>VHostGroup <var>unix-groupid</var></syntax>
102			<default>Inherits the group id specified in
103			<directive module="mod_unixd">Group</directive></default>
104			<contextlist><context>virtual host</context></contextlist>
105			<compatibility>Available on Solaris 10 and OpenSolaris with
106			non-threaded MPMs (<module>prefork</module> or custom MPM).</compatibility>
107
108			<usage>
109			<p>The <directive>VHostGroup</directive> directive sets the Unix group
110			under which the server will process requests to a virtualhost.
111			The group is set before the request is processed and reset afterwards
112			using <a
113			href="http://www.sun.com/bigadmin/features/articles/least_privilege.jsp"
114			>Solaris Privileges</a>. Since the setting applies to the
115			<em>process</em>, this is not compatible with threaded MPMs.</p>
116			<p><var>Unix-group</var> is one of:</p>
117			<dl>
118			<dt>A group name</dt>
119			<dd>Refers to the given group by name.</dd>
120
121			<dt><code>#</code> followed by a group number.</dt>
122			<dd>Refers to a group by its number.</dd>
123			</dl>
124
125			<note type="warning"><title>Security</title>
126			<p>This directive cannot be used to run apache as root!
127			Nevertheless, it opens potential security issues similar to
128			those discussed in the <a href="../suexec.html">suexec</a>
129			documentation.</p></note>
130			</usage>
131			<seealso><directive module="mod_unixd">Group</directive></seealso>
132			<seealso><directive module="mod_suexec">SuexecUserGroup</directive></seealso>
133			</directivesynopsis>
134
135			<directivesynopsis>
136			<name>VHostSecure</name>
137			<description>Determines whether the server runs with enhanced security
138			for the virtualhost.</description>
139			<syntax>VHostSecure On\|Off</syntax>
140			<default>VHostSecure On</default>
141			<contextlist><context>virtual host</context></contextlist>
142			<compatibility>Available on Solaris 10 and OpenSolaris with
143			non-threaded MPMs (<module>prefork</module> or custom MPM).</compatibility>
144
145			<usage>
146			<p>Determines whether the virtual host processes requests with
147			security enhanced by removal of <a
148			href="http://www.sun.com/bigadmin/features/articles/least_privilege.jsp"
149			>Privileges</a> that are rarely needed in a webserver, but which are
150			available by default to a normal Unix user and may therefore
151			be required by modules and applications. It is recommended that
152			you retain the default (On) unless it prevents an application running.
153			Since the setting applies to the <em>process</em>, this is not
154			compatible with threaded MPMs.</p>
155			<note><title>Note</title>
156			<p>If <directive>VHostSecure</directive> prevents an application
157			running, this may be a warning sign that the application should be
158			reviewed for security.</p></note>
159			</usage>
160			</directivesynopsis>
161
162			<directivesynopsis>
163			<name>VHostCGIMode</name>
164			<description>Determines whether the virtualhost can run
165			subprocesses, and the privileges available to subprocesses.</description>
166			<syntax>VHostCGIMode On\|Off\|Secure</syntax>
167			<default>VHostCGIMode On</default>
168			<contextlist><context>virtual host</context></contextlist>
169			<compatibility>Available on Solaris 10 and OpenSolaris with
170			non-threaded MPMs (<module>prefork</module> or custom MPM).</compatibility>
171
172			<usage>
173			<p>Determines whether the virtual host is allowed to run fork and exec,
174			the <a
175			href="http://www.sun.com/bigadmin/features/articles/least_privilege.jsp"
176			>privileges</a> required to run subprocesses. If this is set to
177			<var>Off</var> the virtualhost is denied the privileges and will not
178			be able to run traditional CGI programs or scripts under the traditional
179			<module>mod_cgi</module>, nor similar external programs such as those
180			created by <module>mod_ext_filter</module> or
181			<directive module="mod_rewrite">RewriteMap</directive> <var>prog</var>.
182			Note that it does not prevent CGI programs running under alternative
183			process and security models such as <a href="http://fastcgi.coremail.cn"
184			>mod_fcgid</a>, which is a recommended solution in Solaris.</p>
185			<p>If set to <var>On</var> or <var>Secure</var>, the virtual host
186			is permitted to run external programs and scripts as above.
187			Setting <directive>VHostCGIMode</directive> <var>Secure</var> has
188			the effect of denying privileges to the subprocesses, as described
189			for <directive>VHostSecure</directive>.</p>
190			</usage>
191			</directivesynopsis>
192
193			<directivesynopsis>
194			<name>DTracePrivileges</name>
195			<description>Determines whether the privileges required by dtrace are enabled.</description>
196			<syntax>DTracePrivileges On\|Off</syntax>
197			<default>DTracePrivileges Off</default>
198			<contextlist><context>server config</context></contextlist>
199			<compatibility>Available on Solaris 10 and OpenSolaris with
200			non-threaded MPMs (<module>prefork</module> or custom MPM).</compatibility>
201
202			<usage>
203			<p>This server-wide directive determines whether Apache will run with
204			the <a
205			href="http://www.sun.com/bigadmin/features/articles/least_privilege.jsp"
206			>privileges</a> required to run
207			<a href="http://www.sun.com/bigadmin/content/dtrace/">dtrace</a>.
208			Note that <var>DTracePrivileges On</var> will not in itself
209			activate DTrace, but <var>DTracePrivileges Off</var> will prevent
210			it working.</p>
211			</usage>
212			</directivesynopsis>
213
214			<directivesynopsis>
215			<name>VHostPrivs</name>
216			<description>Assign arbitrary privileges to a virtual host.</description>
217			<syntax>VHostPrivs [+-]?<var>privilege-name</var> [[+-]?privilege-name] ...</syntax>
218			<default>None</default>
219			<contextlist><context>virtual host</context></contextlist>
220			<compatibility>Available on Solaris 10 and OpenSolaris with
221			non-threaded MPMs (<module>prefork</module> or custom MPM).
222			and when <module>mod_privileges</module> is compiled with the
223			<var>BIG_SECURITY_HOLE</var> compile-time option.</compatibility>
224
225			<usage>
226			<p><directive>VHostPrivs</directive> can be used to assign arbitrary <a
227			href="http://www.sun.com/bigadmin/features/articles/least_privilege.jsp"
228			>privileges</a> to a virtual host. Each <var>privilege-name</var>
229			is the name of a Solaris privilege, such as <var>file_setid</var>
230			or <var>sys_nfs</var>.</p>
231
232			<p>A <var>privilege-name</var> may optionally be prefixed by
233			+ or -, which will respectively allow or deny a privilege.
234			If used with neither + nor -, all privileges otherwise assigned
235			to the virtualhost will be denied. You can use this to override
236			any of the default sets and construct your own privilege set.</p>
237
238			<note type="warning"><title>Security</title>
239			<p>This directive can open huge security holes in apache, up to
240			and including running requests with root-level powers. Do not
241			use it unless you fully understand what you are doing!</p></note>
242			</usage>
243			</directivesynopsis>
244
245			<directivesynopsis>
246			<name>VHostCGIPrivs</name>
247			<description>Assign arbitrary privileges to subprocesses created
248			by a virtual host.</description>
249			<syntax>VHostPrivs [+-]?<var>privilege-name</var> [[+-]?privilege-name] ...</syntax>
250			<default>None</default>
251			<contextlist><context>virtual host</context></contextlist>
252			<compatibility>Available on Solaris 10 and OpenSolaris with
253			non-threaded MPMs (<module>prefork</module> or custom MPM)
254			and when <module>mod_privileges</module> is compiled with the
255			<var>BIG_SECURITY_HOLE</var> compile-time option.</compatibility>
256
257			<usage>
258			<p><directive>VHostCGIPrivs</directive> can be used to assign arbitrary <a
259			href="http://www.sun.com/bigadmin/features/articles/least_privilege.jsp"
260			>privileges</a> to subprocesses created by a virtual host, as discussed
261			under <directive>VHostCGIMode</directive>. Each <var>privilege-name</var>
262			is the name of a Solaris privilege, such as <var>file_setid</var>
263			or <var>sys_nfs</var>.</p>
264
265			<p>A <var>privilege-name</var> may optionally be prefixed by
266			+ or -, which will respectively allow or deny a privilege.
267			If used with neither + nor -, all privileges otherwise assigned
268			to the virtualhost will be denied. You can use this to override
269			any of the default sets and construct your own privilege set.</p>
270
271			<note type="warning"><title>Security</title>
272			<p>This directive can open huge security holes in apache subprocesses,
273			up to and including running them with root-level powers. Do not
274			use it unless you fully understand what you are doing!</p></note>
275			</usage>
276			</directivesynopsis>
277
278
279
280			</modulesynopsis>