httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 48808] New: mod_authz_owner support for POSIX access control lists
Date Wed, 24 Feb 2010 12:21:52 GMT

           Summary: mod_authz_owner support for POSIX access control lists
           Product: Apache httpd-2
           Version: 2.3-HEAD
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: Other Modules

This is an enhancement request for the mod_authz_owner module to support
posix acls, enabling fine-grained, filesystem-based authorization.
Currently it only respects the primary owner and group of files.

Many Unix-like systems support posix acls, including Linux, BSD and
Solaris. OSX and Windows have similar features, but these might be more
difficult and/or less useful to interface with. Linux would be the
preferred platform for a pilot implementation.

>From my perspective, the primary usecase is a file download system, where
Apache provides the HTTP access method in parallel with others, such as
shell/ ssh/scp and Samba for CIFS/SMB, to access the same set of files.
Authentication is based on LDAP (both in Apache, Samba and nsswitch).
Currently, access control happens in three places: 1) Apache .htaccess
and/or Directory/Location directives in the config, 2) Samba's additional
user/group directives in smb.conf, and 3) file/dir ownership. Keeping
the access control purely in the filesystem (with POSIX ACLs) would avoid
the fragmentation and difficulty of maintenance, as long as the access-
providing applications (Apache, Samba, etc) support it.

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message