Apache2-mpm-itk provides a modified httpd daemon that allows each web site (vhost) in a shared hosting environment to run under a separate user account.
By default, without a solution like mpm-itk, all web sites run under the "apache" user account. If the sites are managed by multiple entities, or if one site is hacked, this has serious security implications: all files, including .htpasswd files, PHP configuration files, and database login credentials, must be readable by the "apache" user, so code running in any one site can read the files of every other site.
Features within PHP designed to mitigate these problems, such as Safe Mode, are next to useless and trivial to bypass. Safe Mode has been removed from PHP 5.4 and above.
Instead of running as the "apache" user, httpd runs as root with limited privileges. After determining which web site the request is for, httpd then su's to a designated user account for that site, or failing that, to the regular apache user.
More information: http://mpm-itk.sesse.net/
mkdir server/mpm/experimental/itk/
cp server/mpm/prefork/* server/mpm/experimental/itk/
mv server/mpm/experimental/itk/prefork.c server/mpm/experimental/itk/itk.c
rpm -ivh httpd-2.2.3-65.el5.centos.3.src.rpm
rpmbuild -bb /usr/src/redhat/SPECS/httpd.spec
cd /usr/src/redhat/RPMS/`uname -i`/
rpm -ivh httpd-itk-2.2.3-65.el5.centos.3.`uname -i`.rpm
HTTPD=/usr/sbin/httpd.itk
Important: This tutorial is specific to CentOS 5. Always test in a development environment first and back up your current Apache configuration.
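
Once each site runs under its own account, its credential files no longer have to stay readable by a shared "apache" user. The script below is an added example, not part of the original tutorial: it lists .htpasswd, .ini and .php files under a web root whose mode still grants read access to "other", and can strip group/other access from them. The one-directory-per-site layout, the site names and the sample tree are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit a web root for credential files readable by "other".
# Assumption: one directory per site under the web root, with each site's
# files owned by the account that site runs as under mpm-itk.

# Print sensitive files (the kinds the page names) whose mode has the
# other-read bit set. Checks file modes only, not parent directory modes.
find_exposed() {
    find "$1" -type f \
        \( -name '.htpasswd' -o -name '*.ini' -o -name '*.php' \) \
        -perm -004 -print | LC_ALL=C sort
}

# Remove group/other access from every file find_exposed reports.
tighten_exposed() {
    find_exposed "$1" | while IFS= read -r f; do
        chmod go-rwx "$f"
    done
}

# Constructed sample tree (hypothetical site names) for trying the audit.
# Prints the path of the temporary directory it creates.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/site-a/htdocs" "$t/site-b/htdocs"
    echo 'admin:constructed-hash' > "$t/site-a/.htpasswd"
    echo '<?php $db_pass = "constructed"; ?>' > "$t/site-a/htdocs/config.php"
    echo '<?php $db_pass = "constructed"; ?>' > "$t/site-b/htdocs/config.php"
    echo '<h1>public</h1>' > "$t/site-b/htdocs/index.html"
    chmod 644 "$t/site-a/.htpasswd" "$t/site-a/htdocs/config.php"
    chmod 644 "$t/site-b/htdocs/index.html"
    chmod 600 "$t/site-b/htdocs/config.php"   # already owner-only
    echo "$t"
}

# When given a web root as the only argument, report exposed files.
if [ "$#" -eq 1 ]; then
    find_exposed "$1"
fi
```

Run it with the web root as its argument to get the report; call tighten_exposed only after confirming that each listed file is owned by the account its site runs as.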