www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christian Heinze...@x.ray.net>
Subject general/985: suggestion: check permissions via os-userbase
Date Mon, 11 Aug 1997 11:10:01 GMT

>Number:         985
>Category:       general
>Synopsis:       suggestion: check permissions via os-userbase
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          change-request
>Submitter-Id:   apache
>Arrival-Date:   Mon Aug 11 04:10:00 1997
>Originator:     x@x.ray.net
>Organization:
apache
>Release:        any
>Environment:
Linux 2.0.30 i486
>Description:
i hope the bugreport page is correct for suggestions - at least that's what the faq said...
:)

i've been struggeling with my apache httpd (*ix) for a while now and found out that there's
a powerful feature missing.
a security-system that uses the os' userbase and permissions. i.e.:

e.g. if the following file is requested:
-rw-r-----   1 root     users       13722 Apr 25 01:28 /foo/bar.html
it can't be read by the default apache user, say wwwrun with nogroup. so apache sends a uid/pwd-query
window and checks the input against the os' userbase. if the input was correct, apache changes
to the user's uid and tries to execute the request with the user's permissions. if not ->
uid/pwd-query window, and so on...
the same would work great with cgi-binaries (i'm dreaming of the possibilities i'd have together
with web/cgi-interfaced sql-databases... *sigh* :) ).

i think such a totally os-transparent user/permission scheme would make life much easier,
more comfortable and much more straightforward for httpd-admins...
>How-To-Repeat:

>Fix:
well, implement it as an option :%2
>Audit-Trail:
>Unformatted:



Mime
View raw message