From: Doug Bridgens
Date: Tue, 4 Oct 2011 23:43:44 +0100 (BST)
To: modules-dev@httpd.apache.org
Subject: running a module as a different uid

Hi,

I have written a file sync module that will pull files from web server 1 to web server 2. The module on web server 2 writes the file (whether an image file or a code file) into the right place in the docroot. It's kind of experimental.

There are clearly security problems with this. The module runs as the user/group of the httpd process, so all files become writeable by httpd in the docroot.

My question is, are there any suggestions as to something like switching uid on a per-module basis? This module is only enabled for a specific <Location>, and access is restricted by IP. It's intended to sync files between a farm of privately connected web servers (a front end tier).

At the moment I am thinking of a second Apache instance running on a different port (say 81), and running as a different uid/gid. This second instance only serves requests for this module/Location. But it seems a bit ugly.

cheers,
Doug
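As an added illustration of the two-instance layout sketched in the post above (this is not part of the original message, nor the poster's module or configuration), the following fragments show the public instance with the sync module absent, and a second instance that runs under its own uid/gid and serves nothing but the sync location. Apache 2.4 syntax is assumed, as are the paths, the port, the private network range 10.0.0.0/24, the interface address 10.0.0.2, the uid/gid names www-data and syncd, and the hypothetical handler name filesync-handler.

```apache
# Added example, not the poster's configuration. Apache 2.4 syntax, all paths,
# addresses, user/group names and the handler name are assumptions.

# ---- /etc/httpd/httpd-main.conf : public instance, usual httpd identity ----
Listen 80
User www-data
Group www-data
DocumentRoot "/var/www/docroot"
# The sync module is deliberately NOT loaded here, so even a request for
# /sync that reaches this instance cannot write into the docroot.
<Location "/sync">
    Require all denied
</Location>

# ---- /etc/httpd/httpd-sync.conf : second instance, own uid/gid, own port ----
#   started separately:  httpd -f /etc/httpd/httpd-sync.conf
# Bind only to the private front-end tier interface, never the public one.
Listen 10.0.0.2:81
User syncd
Group syncd
PidFile "/var/run/httpd-sync.pid"
ErrorLog "/var/log/httpd/sync_error.log"
DocumentRoot "/var/www/docroot"
LoadModule filesync_module modules/mod_filesync.so   # hypothetical module name

# Refuse everything by default on this instance ...
<Location "/">
    Require all denied
</Location>
# ... and open exactly one location, only to the farm's private addresses.
<Location "/sync">
    Require ip 10.0.0.0/24
    SetHandler filesync-handler
</Location>
```

With this split the public worker processes (www-data) no longer need write access to the docroot at all; only syncd writes there, so a compromise of the public instance cannot modify served files. For the public instance to still read what syncd writes, the sync module's files need to be group- or world-readable (for example docroot group owned by www-data and files created 0644), which is a deployment assumption and not shown above.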