Subject: Re: mailman and apache, straight from pkgsrc, not happy...
To: Matthias Buelow <mkb@mukappabeta.de>
From: Greg A. Woods <woods@weird.com>
List: netbsd-users
Date: 09/04/2003 17:44:43 
[ On Thursday, September 4, 2003 at 23:24:44 (+0200), Matthias Buelow wrote: ]
> Subject: Re: mailman and apache, straight from pkgsrc, not happy...
>
> Yes, I am aware of that.  A small drawback is that it is done with the
> help of a setuid root wrapper program, which incorporates a certain
> performance penalty.  Although that penalty might not be high, it isn't
> quite the same as if the httpd ran the CGIs straight ahead.

It's basically just two exec()s instead of one, and the extra one is of
a rather tiny program that can (and should) be statically linked to
avoid the further unnecessary overhead of also running ld.so.  The
amount of other CPU overhead by SUEXEC itself is not really even a
measurable part of the whole job.

>  Still,
> considering that mailman is written (afaik) in Python scripts, the
> overhead of loading the script interpreter is likely high enough to
> make the setuid wrapper's overhead negligible.

Even just the execution of 'ld.so' when first starting the python
interpreter is far more overhead than SUEXEC alone is.  :-)

>  And also mailing list
> administration through a web interface isn't much of a high performance
> thing anyways.

Now there you go!  That's the spirit!

As I say it works quite well on a rather modest machine for a user
management database -- and what I didn't say is that the database CGIs
are also written in Python (with PostgreSQL in the back) and it handles
tens of thousands of accounts and they are accessed quite regularly
throughout the business day by a half dozen users as well as on occasion
by the end users too.

Building the Python interpreter right into Apache would solve the
problem, though I don't think this is (yet) possible in pkgsrc and it
would also then require running different Apache instances for each
separate application run on the same server so that each could run as a
unique UID.

-- 
						Greg A. Woods

+1 416 218-0098                  VE3TCP            RoboHack <woods@robohack.ca>
Planix, Inc. <woods@planix.com>          Secrets of the Weird <woods@weird.com>