I ran across this after trying to solve the same issue in nginx - actually I think I responded to your initial question in the unix stack exchange, which probably spurred this development.
I had to make davt flexible enough to take UIDs, GIDs, and potentially a list of GIDs to impersonate a user. I haven't thoroughly tested it yet, but it works fine even with the the async/thread pool implementation of nginx (because file descriptors are done in a single process, where the impersonation happens). Probably a similar approach could be done with apache, I'm not sure.
I ran across this after trying to solve the same issue in nginx - actually I think I responded to your initial question in the unix stack exchange, which probably spurred this development.
I started working on davt ( https://github.com/lsst-dm/davt, see this file specifically: https://github.com/lsst-dm/davt/blob/ded56645e47e8281dc74ffd36d3c12110dab36a8/davt.lua ) a lua module for use in nginx to aid in implementing impersonation per-request.
I had to make davt flexible enough to take UIDs, GIDs, and potentially a list of GIDs to impersonate a user. I haven't thoroughly tested it yet, but it works fine even with the the async/thread pool implementation of nginx (because file descriptors are done in a single process, where the impersonation happens). Probably a similar approach could be done with apache, I'm not sure.