[sclug] Apache question

[James Fidell]

Quoting Pieter Claassen (pieter at pieterclaassen.co.uk):

> 1. Does anybody know of a way for apache to use the filesystem's
> underlying permissions to determine if user X has the right to download
> or upload a file? If the file has worldwide rw rights, then anybody can
> get to it (I assume uploads via webdav)

You could do this by writing your own apache module that enforced these
access restrictions.

> 2. Might this be most easily achieved to switch UID/GID of the apache
> process on authentication to that of the authentication user?

It's certainly possible, but there's a few little wrinkles that can
catch you out.  You might find something like mod_become a useful place
to start looking, though more as an example than a solution to your
problem.

James