httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Peter Somogyi <psomo...@gamax.hu>
Subject make use of fs ACLs
Date Mon, 04 Jun 2007 16:06:22 GMT
Hi,

We would like to have an autoindex-like file serving functionality of apache 
web server that avoids usage of .htaccess file, but uses filesystem's ACLs 
instead. Moreover we don't want to require wwwrun to be allowed in every 
file/dir ACLs.

For authentication we'd use e.g. mod_auth_external + pwauth.
Our aim is access checking:
- check whether a requested file is downloadable by the given user
- check whether the given user has access to the directory
- check which files are visible to the given user when listing a directory 
content (e.g. via autoindex module)
So far readonly functionality is enough.

To achieve this, we have been thinking about writing a modification of 
autoindex.c which forks a child executing a newly written tool which 
_becomes_ the authenticated user and lists directory content. File open check 
and file content read would be done by this tool as well. (I still don't know 
where to modify/hook into file download and how to cache forking.)

I'm curious why such a feature is not yet already implemented. I don't stick 
to autoindex, we just need a similar functionality over http.

Does anybody know any existing solution for this, or a better idea how to make 
it?

We appreciate any comments on this.

Peter

Mime
View raw message