On Fri, Mar 20, 2015 at 6:40 PM, Jeremy Nicklas <
jnick...@gmail.com> wrote:
> In our current setup we launch a new Apache server for each user. This has
> the overwhelming benefit of having a Passenger App launch processes on our
> system as an OS-user while maintaining security through system level file
> permissions. Users won't be able to access files or executables they weren't
> already given permission to at the system-level from within the Passenger
> App.
>
> Unless I am misunderstanding how the spawning process goes this should be
> less expensive than launching an entire Apache server per user.
Spawning an application process is actually more expensive than
launching an Apache instance. Compared to most Ruby/Python/Node.js
apps, Apache is tiny and starts up very quickly, maybe in half a
second, and uses a few MB of memory. In contrast, a Rails app can take
5 seconds or longer to start, and can use 200+ MB of memory.
> So if UserA requests a Passenger App the HelperAgent would spawn a process
> under UserA's account. Then if UserB made a request to that same app then it
> would spawn a process under UserB's account. No matter how many requests
> UserA made to the app, it wouldn't spawn a new process and continue to use
> the process launched under UserA's account? Is that understanding correct?
That depends on your configuration. If you set PassengerMaxInstances
to 1, then yes. If not, then Passenger may decide to spawn more UserA
app processes depending on the amount of traffic.
> Or would it literally spawn a new process for UserA for every single request
> he made to the app?
No, it doesn't, because spawning a process is so expensive.
Now that I look back at your question, maybe you're not talking about
the *system* environment variables, but the *Rack/request/CGI*
environment variables. Those are two different things. REMOTE_USER is
already set in the Rack/request/CGI environment variables.