httpd-modules-dev mailing list archives

From Doug Bridgens <dbridg...@soogate.com>
Subject running a module as a different uid
Date Tue, 04 Oct 2011 22:43:44 GMT
Hi,

I have written a file sync module that will pull files from web server 1 
to web server 2.  The module on web server 2 writes the file (whether an 
image file or a code file) into the right place in the docroot.  It's kind 
of experimental.

There are clearly security problems with this.  The module runs as the 
user/group of the httpd process, so all files become writeable by httpd in 
the docroot.

My question is, are there any suggestions as to something like switch uid 
on a module basis?  This module is only enabled for a specific 
<Location>, and access is restricted by IP.  It's intended to sync files 
between a farm of privately connected web servers (a front end tier).

At the moment I am thinking a second apache instance running on a 
different port (say 81), and running as a different uid/gid.  This second 
instance only serves requests for this module/Location.  But it seems a 
bit ugly.


cheers,
Doug
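
The second-instance layout described in the message, sketched as a configuration fragment; this is an added example, not part of the original post and not the poster's configuration. The account `filesync`, the module file `mod_filesync.so`, the handler name `filesync`, the `/sync` path and every address and filesystem path are hypothetical, and Apache 2.4 authorization syntax is assumed.

```apache
# Second httpd instance dedicated to the sync endpoint (added example).
# Hypothetical names: user/group "filesync", mod_filesync.so,
# handler "filesync", path /sync, and all addresses and paths below.

ServerRoot "/etc/httpd-sync"
PidFile    "/var/run/httpd-sync.pid"
ErrorLog   "/var/log/httpd-sync/error_log"

# Bind only to the private interface of the front-end tier, on the
# separate port mentioned in the message.
Listen 10.0.0.2:81

# Worker processes drop to this account after startup. It owns the
# docroot files; the main instance's account needs read access only,
# so the public-facing httpd can no longer modify what it serves.
User  filesync
Group filesync

LoadModule filesync_module modules/mod_filesync.so

# Serve nothing except the sync endpoint.
<Location "/">
    Require all denied
</Location>

<Location "/sync">
    SetHandler filesync
    # Only peers on the private network may reach the endpoint.
    # On 2.2 the equivalent is: Order deny,allow / Deny from all /
    # Allow from 10.0.0.0/24
    Require ip 10.0.0.0/24
</Location>
```

With this split, the docroot is writable by one account that is never exposed on the public listener, which is the property the single-instance setup lacks.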

