[sclug] Apache question
Tom Dawes-Gamble
tmdg at tmdg.co.uk
Sun Nov 7 21:47:34 UTC 2004
On Sun, 2004-11-07 at 13:14, Pieter Claassen wrote:
> Hello All,
>
> Here is an open question regarding Apache that somebody might have some
> philosophical or technical light to shed on:
>
> So, here is the question:
> 1. Does anybody know of a way for apache to use the filesystem's
> underlying permissions to determine if user X has the right to download
> or upload a file? If the file has worldwide rw rights, then anybody can
> get to it (I assume uploads via webdav)
> 2. Might this be most easily achieved to switch UID/GID of the apache
> process on authentication to that of the authentication user?
>
I think the only way to do this would be to
1) Authenticate the user against /etc/passwd.
2) switch user using setuid.
3) serve the page.
4) switch user back to original user.
However, to make that happen one needs to run apache as root. Personally
I would not want to go there.
regards,
Tom.
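
Added example, not part of the original message and not Apache code: a C sketch of steps 2 to 4 of the reply, which lets the kernel apply the file's own permissions by opening it under the authenticated user's effective UID/GID. The helper name `open_as_user` and the command-line arguments are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: open `path` read-only while the effective UID/GID are
 * those of the authenticated user, so the kernel applies that user's file
 * permissions. Returns a file descriptor, or -errno on failure.
 * Supplementary groups are left unchanged; a real server would also set
 * them (setgroups/initgroups), which likewise requires root. */
int open_as_user(uid_t uid, gid_t gid, const char *path)
{
    uid_t saved_uid = geteuid();
    gid_t saved_gid = getegid();
    int fd, err = 0;

    /* Step 2: switch group first; once the effective UID is no longer root
     * the process may not be allowed to change its group. */
    if (setegid(gid) != 0)
        return -errno;
    if (seteuid(uid) != 0) {   /* EPERM for another user's UID unless root */
        err = errno;
        if (setegid(saved_gid) != 0)
            abort();
        return -err;
    }

    /* Step 3: the permission check happens here, as the target user. */
    fd = open(path, O_RDONLY);
    if (fd < 0)
        err = errno;

    /* Step 4: switch back, UID first. Failing here means the process would
     * continue under the wrong identity, so stop instead. */
    if (seteuid(saved_uid) != 0 || setegid(saved_gid) != 0)
        abort();
    return fd >= 0 ? fd : -err;
}

int main(int argc, char **argv)
{
    if (argc != 4) {
        fprintf(stderr, "usage: %s uid gid path\n", argv[0]);
        return 2;
    }
    int fd = open_as_user((uid_t)atoi(argv[1]), (gid_t)atoi(argv[2]), argv[3]);
    printf("%s\n", fd >= 0 ? "opened" : "refused");
    return fd >= 0 ? 0 : 1;
}
```

Because only the effective IDs change, root stays in the process's real and saved IDs for the whole request, so any code-execution flaw in the server can switch back to root; that retained privilege is the cost of running the daemon as root.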