httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sterling <sterl...@covalent.net>
Subject Re: [PATCH] Enhancement to mod_auth
Date Sat, 08 Sep 2001 21:53:04 GMT
On Fri, 7 Sep 2001, Rodent of Unusual Size wrote:

> * On 2001-08-10 at 19:43,
>   Rodent of Unusual Size <Ken.Coar@golux.com> excited the electrons to say:
> >
> > In response to a private query, I worked up a little patch
> > to add an enhancement to mod_auth: in addition to 'require valid-user'
> > and 'require user xxx yyy zzz' the enhanced version recognises
> > 'require owner'.  The idea is that access is granted if the
> > user is authenticated AND matches the username of the owner of
> > the file.
>
> Okey, here is the first part of the patch.  I am submitting it
> to the list rather than just committing it because I am not
> sure about the use of non-threadsafe getpwuid() and getgrgid().
> However, since we use those elsewhere, if no-one has any comments
> within a couple of days I will go ahead and commit it.
>
> Note that this first pass is for *1.3* rather than 2.0, because
> the person who asked for it is using 1.3.  I will bring it
> forward to 2.0 after it is committed to 1.3.
>
> I actually took it a step further than stated in the quotation
> above; the new keywords for Require are 'file-owner' and 'file-group';
> if there is an AuthGroupFile, and the file's group is listed in it,
> and the authenticated user is in that group, 'file-group' will
> grant access.
>


FWIW:
  i still say 'Require valid-user' should be handled by the core.... i've
said this before, but its kinda kludgy the way it is.  e.g: if you are
using mod_auth_db and have a 'Require valid-user' it only works if
mod_auth is enabled......

sure, mod_auth is enabled by default, but.......


sterling


Mime
View raw message