httpd-dev mailing list archives

From Lou Langholtz <...@chpc.utah.edu>
Subject Re: configfile_t.param
Date Tue, 02 Jun 1998 19:10:09 GMT
Dean Gaudet wrote:

> On Mon, 1 Jun 1998, Lou Langholtz wrote:
>
> > It seems like we're losing something here that we don't want to lose
> > though. With all the hiding we should at least leave behind some
> > method pointers with which we can get info on the configuration
> > "objects" such as their type, and owner.
>
> Owner makes no sense in many contexts.

That doesn't have to be the case. I think we should take a more empowering
direction with directory based config "objects" and strengthen their tie to
ACL info in whatever underlying form we can get it.

> > > I suspect that there's an entirely easier solution that isn't prone to
> > > security problems.  If this is crud in ~user URLs then just use the
> > > embedded user in the URL.  Otherwise it's probably crud under a
> > > /blah/blah/docroot/user hierarchy (where user may be a domain name) and
> > > you can compare against the uid of that file.  Without knowing a lot more
> > > about your application I can't say.
> > >
> > > Dean
> >
> > The application is a module for logging on a per-directory basis.
> > The way I've set it up, users get to see accesses as they're handled
> > with all the per-hit relevant info possible in their own logs without
> > seeing everyone else's hits.
> >
> > So how would you suggest doing it instead of the way I've gone about
> > describing? Certainly in the 1.3 line of apache this would be better
> > rolled into the existing logging module than having a separate module
> > like it's currently. But what other mechanism besides using the htaccess
> > file would you suggest to enable any directory to configure logging for
> > hits to files anywhere underneath it that could also be done by users
> > securely?
>
> Do you have some mapping from URL to user?  i.e. www.foobar.com/~user has
> an obvious mapping.  Or if www.foobar.com's pages are handled under
> /www/docroot/www.foobar.com/ then the mapping is to use the uid of
> /www/docroot/www.foobar.com.  In general once you've got a mapping from
> URL to user the rest is trivial.  Test that the user of the mapping is the
> same as the user owning the directory containing the log file.
>
> Or better yet, don't let the users put logs in arbitrary places.
> Allow them to give a filename for a log only.  Then you could log
> to ~$user/http_logs/$filename.
>
> If your system uses user private groups (i.e. redhat, freebsd?), you
> can simplify the security model even further by putting the logs in
> /www/logs/$user/$filename.  Suppose httpd runs as www then the
> perms are as follows:
>
>     /www/logs                   uid=www gid=whatever, mode=755
>     /www/logs/$user             uid=www, gid=$user, mode=750
>     /www/logs/$user/$filename   uid=www, gid=$user, mode=640
>
> Then you don't need any sophisticated symlink checks.

I'll call this worse than how I was trying to do it. It doesn't give me any way
to delegate authority to subtrees of content to other users without giving them
their own virtual web server.
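
The filename-only scheme from the quoted /www/logs/$user/$filename proposal, as an added example in C that is not part of this thread or of Apache's code. `open_user_log` and `is_bare_name` are hypothetical names, the server's effective uid stands in for `www`, and the gid=$user check is left out as an assumption that the administrator sets the group.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* lstat(), O_NOFOLLOW */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Accept a bare name only: non-empty, short, no '/' and no leading dot. */
static int is_bare_name(const char *s)
{
    size_t len = s ? strlen(s) : 0;
    if (len == 0 || len > 64 || s[0] == '.')
        return 0;
    return strchr(s, '/') == NULL;
}

/* Open <log_root>/<user>/<filename> for append; return fd or -1 (errno set).
 * The per-user directory must be a real directory (not a symlink), owned by
 * the server's uid, and not writable by group or other, as in the 750
 * layout quoted above. */
int open_user_log(const char *log_root, const char *user, const char *filename)
{
    char dir[512], path[1024];
    struct stat st;
    int n;

    if (!is_bare_name(user) || !is_bare_name(filename)) {
        errno = EINVAL;
        return -1;
    }
    n = snprintf(dir, sizeof dir, "%s/%s", log_root, user);
    if (n < 0 || (size_t)n >= sizeof dir) {
        errno = ENAMETOOLONG;
        return -1;
    }
    if (lstat(dir, &st) != 0)
        return -1;
    if (!S_ISDIR(st.st_mode) || st.st_uid != geteuid() ||
        (st.st_mode & (S_IWGRP | S_IWOTH)) != 0) {
        errno = EACCES;
        return -1;
    }
    snprintf(path, sizeof path, "%s/%s", dir, filename);
    /* O_NOFOLLOW: a symlink planted as the log file itself is refused. */
    return open(path, O_WRONLY | O_APPEND | O_CREAT | O_NOFOLLOW, 0640);
}
```

Because the user can never write inside the per-user directory, the only path components a user controls are the two bare names, which is why no walk of intermediate symlinks is needed.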

