httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mickaël CANÉVET <cane...@embl.fr>
Subject Re: [users@httpd] Fork as 'REMOTE_USER' instead of 'User'
Date Tue, 28 Feb 2012 13:46:03 GMT
Thanks a lot for pointing me out this page. I do understand now why this
doesn't exist by default.

Wouldn't it be possible to modify mpm-itk a bit to fork as connected
user instead of statically defined users ?

On Tue, 2012-02-28 at 08:32 -0500, Mark Montague wrote:
> On February 28, 2012 3:32 , =?ISO-8859-1?Q?Micka=EBl_CAN=C9VET?= 
> <canevet@embl.fr> wrote:
> > I'd like to know if there is a way to tell apache httpd to fork as
> > 'REMOTE_USER' instead of 'User' variable defined in httpd.conf.
> >
> > The idea is to export a filesystem through HTTP (Dav), and instead of
> > giving apache's user read/write access on the files and play
> > with .htaccess for each folder, let apache fork as the authenticated
> > user so that I can use POSIX rights to give access.
> 
> 
> What you're talking about is called "Privilege separation".  Please see 
> the wiki page on the subject, which goes into the topic in detail and 
> discusses the difficulties and various potential solutions:
> 
> https://wiki.apache.org/httpd/PrivilegeSeparation
> 
> 
> --
>    Mark Montague
>    mark@catseye.org
> 


Mime
View raw message