httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gary Shea <s...@gtsdesign.com>
Subject Re: userspace permissions
Date Mon, 18 Oct 1999 19:39:06 GMT
> > On Mon, 18 Oct 1999, Ragnar Kurm wrote:
> > 
> > > question: if and how can i run httpd with virtual hosts so that all files
> > > for virtualdomain are accessed as different user. in the other words can
> > > apache httpd configured to have uid x if it needs to access virtual domain
> > > y and uid m for virtual domain n.

Ragnar -- This is one of those threads that come up from time to
time... I too have had this problem and have come up with a set
of patches that I use.  Peter W's suggestion is surely a more secure
solution (albeit probably a bit slow), but I hacked mod_cgi and
suexec to get the needed effect.  I have heard of another good solution
which I hope to put into effect one of these days.  I need
per-directory control over what user/grp cgi's get run as: the idea is
to have suexec parse a config file which maps cgi directories to
user/group id.  This solution requires no hacking of httpd at all,
just some major hacks to suexec.  Since the Apache project folks
want nothing to do with having security alerts issued with the
Apache name all over it, they will never stand behind an iffy solution
of this kind, so we have to do it ourselves... they MIGHT let us
stick the suexec patches in their contrib directory, but I dunno...
last time I asked if I could put my newer version of the mod_cgi/suexec
patches in the contrib directory, I was met with deafening silence.
I think my old patches are still there, for 1.3b3.  I'm currently
running 1.3.3 until I switch over to the pure-suexec solution.

	Gary

-----------------------------------------------------------------
Gary Shea                                       shea@xmission.com
Salt Lake City                      http://www.xmission.com/~shea


Mime
View raw message