[sclug] Apache question

Pieter Claassen pieter at pieterclaassen.co.uk
Sun Nov 7 13:15:04 UTC 2004


Hello All,

Here is an open question regarding Apache that somebody might have some
philosophical or technical light to shed on:

1. Apache runs as www-data or whatever you want it to run.
2. It effectively ignores underlying filesystem permissions as long as
it has read rights to the files you want to serve, execute rights to CGI
scripts and directories it wants to traverse.
3. To provide access control, you have to edit the apache.conf file and,
on a per-directory or per-file basis, provide separate authorisation
instructions (you can use PAM to authenticate users, which will at least
use your /etc/password).

So, here is the question:
1. Does anybody know of a way for Apache to use the filesystem's
underlying permissions to determine if user X has the right to download
or upload a file? If the file has worldwide rw rights, then anybody can
get to it (I assume uploads via WebDAV).
2. Might this be most easily achieved by switching the UID/GID of the
Apache process on authentication to that of the authenticated user?

Thanks,
Pieter

-- 
--------------------------------
Pieter Claassen
http://pieterclaassen.co.uk/blog
(tel): 077 666 56924
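
The check the question describes, written out as an added example (not part of the original post and not Apache code): deciding from the POSIX owner/group/other mode bits whether an already-authenticated user may read or write a file, without switching the server's UID. The uids, gids and paths are constructed; mapping the HTTP user name to a uid and any ACLs are assumed to be handled elsewhere, and refusing uid 0 is a choice made for this example.

```python
import os
import stat
from types import SimpleNamespace as St

R, W, X = 4, 2, 1  # permission bits inside one owner/group/other class

def class_bits(st, uid, gids):
    """rwx bits that apply to this user; POSIX consults exactly one class."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7   # owner class, even if "other" grants more
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def may_access(path, uid, gids, want, lstat=os.lstat):
    """May the user read (R) or write (W) the regular file at absolute `path`?
    Needs search (x) permission on every parent directory. ACLs are ignored."""
    if uid == 0:
        return False                   # example policy: no web login maps to root
    current = "/"
    for part in [p for p in path.split("/") if p]:
        st = lstat(current)
        if not stat.S_ISDIR(st.st_mode) or not class_bits(st, uid, gids) & X:
            return False               # symlinked or unsearchable parent
        current = os.path.join(current, part)
    st = lstat(current)
    return stat.S_ISREG(st.st_mode) and bool(class_bits(st, uid, gids) & want)

# Constructed sample tree (uids, gids and paths are made up for illustration).
D, F = stat.S_IFDIR, stat.S_IFREG
FAKE_FS = {
    "/":                   St(st_mode=D | 0o755, st_uid=0,    st_gid=0),
    "/srv":                St(st_mode=D | 0o755, st_uid=0,    st_gid=0),
    "/srv/dav":            St(st_mode=D | 0o750, st_uid=33,   st_gid=2000),
    "/srv/dav/report.txt": St(st_mode=F | 0o640, st_uid=1001, st_gid=2000),
    "/srv/dav/public.txt": St(st_mode=F | 0o666, st_uid=1001, st_gid=2000),
    "/srv/dav/locked.txt": St(st_mode=F | 0o066, st_uid=1001, st_gid=2000),
}

def check(name, uid, gids, want):
    """Evaluate a request against the constructed tree instead of the real disk."""
    return may_access("/srv/dav/" + name, uid, gids, want, FAKE_FS.__getitem__)
```

In the sample tree a user outside group 2000 cannot reach the world-rw `public.txt` because `/srv/dav` is not searchable for them, and the owner of `locked.txt` is denied even though group and other are allowed.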


