httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Zysman, Roiy" <roiy.zys...@intel.com>
Subject [users@httpd] Apache and NIS constraints question - cont
Date Mon, 10 Feb 2003 21:32:28 GMT
Hi All,

Thanks for the replies . Some other points that were probably missing
from my description
1. Can't compile or modify nfs clients/servers - thx Tim for the tip ,
looks interesting.
2. the file system is the part I want to protect. I'm not worried about
secured web browsing because I know/have methods for protecting it
It's the file system that is the issue here.

I keep thinking that perchild is the ideal solution (running several
servers , each with its uid and gid) , but the fact is that perchild
isn't 'ripe' wet.
And I'm speaking from my long hours of testing and hacking (at least
trying to) hours of using and modifying perchild.

There is another solution that came up which is using ports other than
80 . Running several apache servers each with its own port 80,81,82...
But I guess that apache administrators are shouting "nooooooo..." while
reading the previous line because of the administration headache it can
give 
A poor administrator trying to run ~20 httpd servers on a single box is
unbearable. Not to mention the poor users who have to remember which
port was their site on , was it
81 or 86 ??

I'm keeping my search for a better, painless, mystical solution.
If anyone has it , I'd be happy to hear about it. 

Roiy






=============================


Hi All,

Our environment uses Apache 2.0 that reads NFS docs areas.
NIS has a constrain that a uid can't belong to more than 16 NIS groups
Here starts the problem : How can apache read secured (not open to
'other' e.g. XX0 permissions) areas. I can do it by adding the apache
user  to each NIS group , but that might be bad once I cross the 16
groups limit. I could use a mechanism like SUExec , if it worked for
docs and not just for CGI files. I could use perchild (e.g. running a
virtual server with different uid and gid), If it worked properly.

Has anybody faced this kind of problem and solved it with any out of the
box means ? I'd be happy to hear other suggestions as well.

10x, Roiy

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server
Project. See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message