httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Montague <m...@catseye.org>
Subject Re: [users@httpd] Fork as 'REMOTE_USER' instead of 'User'
Date Tue, 28 Feb 2012 13:32:44 GMT
On February 28, 2012 3:32 , =?ISO-8859-1?Q?Micka=EBl_CAN=C9VET?= 
<canevet@embl.fr> wrote:
> I'd like to know if there is a way to tell apache httpd to fork as
> 'REMOTE_USER' instead of 'User' variable defined in httpd.conf.
>
> The idea is to export a filesystem through HTTP (Dav), and instead of
> giving apache's user read/write access on the files and play
> with .htaccess for each folder, let apache fork as the authenticated
> user so that I can use POSIX rights to give access.


What you're talking about is called "Privilege separation".  Please see 
the wiki page on the subject, which goes into the topic in detail and 
discusses the difficulties and various potential solutions:

https://wiki.apache.org/httpd/PrivilegeSeparation


--
   Mark Montague
   mark@catseye.org

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message