httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benjamin Kuit ...@it.uts.edu.au>
Subject apache itself to seteuid
Date Tue, 15 Oct 2002 03:01:49 GMT

Is there currently a way to configure apache so that the server
itself suid's to the owner of a page?

ie
Accessing http://<hostname>/~username
will causes httpd to setuid to username while accessing files with
~username/public_html?

This isn't the same as suexec, which only runs cgis as the owner.

The problem is that I work in an academic environment, where some
assignments are web pages written in jsp, php, perl and etc, and the
required permissions on ~username and ~username/public_html requires
that the web server (and tomcat if being used) can access the files.

Plagiarism becomes an issue when any student can write a simple program
(eg in perl) to search through other people's public_html directories.

I can only think of two solutions:
1) each student runs their own web server as themselves (httpd runs as
their own uid).
2) httpd runs as root with seteuid calls to the user specified in
the url.

In both cases, the result is that the public_html would only require
access permissions for the owner himself.

I know the solutions above are incomplete, for example they would
still not work for tomcat, I'm just wondering if this issue has
been addressed before, and how was it resolved?

Thanks for any help.

Bj

-- 
+-------------------------------+--------------------------------------+
|      Benjamin (Bj) Kuit       |  Building CB10.3.354                 |
|      Systems Programmer       |  Faculty of Information Technology   |
|      Phone: 02 9514 1841      |  University of Technology, Sydney    |
|      Mobile: 0416 184 972     |  Email: bj@it.uts.edu.au             |
+-------------------------------+--------------------------------------+

Mime
View raw message