httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Clark <mich...@metaparadigm.com>
Subject Re: [users@httpd] how would I serve up an upload/download directory for each user
Date Sun, 09 Mar 2008 03:10:09 GMT
Tim Edwards wrote:
>
> * Use some kind of module that allows apache to spawn a sub-process
> running as the user who logged in through mod_auth_shadow. Does such a
> module exist?
>

We have some patches against apache to do something similar to this
using a modified mod_dav with a privilege separation mechanism similar
to openssh. In this model, apache still runs as an unprivileged process
and it sends privileged file-system requests overs a unix socket to a
pre-spawned privileged monitor process. This means you get all the
benefits of mod_dav but with the addition of unix authentication,
permissions and quotas, etc.

  http://privsep.org/ModPrivsepDocs

The 2.2 series patches are still experimental but the 1.3.x patches we
have been running in production for some years now. I will have some
production quality patches for 2.2 coming out very soon now.

  http://privsep.org/ModPrivsepPatches

The 1.3.41 version includes a script to download apache, mod_ssl and
mod_dav sources and to patch them (not required for 2.2 since mod_dav
and mod_ssl are now included). The docs for the 1.3.41 patch are here:

  http://privsep.org/patches/1.3.41/README.html


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message