You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "Zysman, Roiy" <ro...@intel.com> on 2003/02/10 16:44:11 UTC
[users@httpd] Apache and NIS constraints question.
Hi All,
Our environment uses Apache 2.0 that reads NFS docs areas.
NIS has a constrain that a uid can't belong to more than 16 NIS groups
Here starts the problem :
How can apache read secured (not open to 'other' e.g. XX0 permissions)
areas.
I can do it by adding the apache user to each NIS group , but that
might be bad once I cross the 16 groups limit.
I could use a mechanism like SUExec , if it worked for docs and not just
for CGI files.
I could use perchild (e.g. running a virtual server with different uid
and gid), If it worked properly.
Has anybody faced this kind of problem and solved it with any out of the
box means ?
I'd be happy to hear other suggestions as well.
10x, Roiy
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Apache and NIS constraints question.
Posted by Tim Wort <ti...@pobox.com>.
Hi,
You didn't mention a OS. The users in 16 groups is a RPC problem and NFS
uses RPC, there are patches to help with the problem. See:
http://web.inter.nl.net/users/fvm/nfs-ngroups/
I can understand why this might not be the route you want to take but I
thought I would offer the information anyway.
On Mon, 10 Feb 2003, Zysman, Roiy wrote:
> Hi All,
>
> Our environment uses Apache 2.0 that reads NFS docs areas.
> NIS has a constrain that a uid can't belong to more than 16 NIS groups
> Here starts the problem :
> How can apache read secured (not open to 'other' e.g. XX0 permissions)
> areas.
> I can do it by adding the apache user to each NIS group , but that
> might be bad once I cross the 16 groups limit.
> I could use a mechanism like SUExec , if it worked for docs and not just
> for CGI files.
> I could use perchild (e.g. running a virtual server with different uid
> and gid), If it worked properly.
>
> Has anybody faced this kind of problem and solved it with any out of the
> box means ?
> I'd be happy to hear other suggestions as well.
>
> 10x, Roiy
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
= Inkling Research Inc. =
= Tim.Wort@InklingResearch.com =
= Tim.Wort@pobox.com =
= =
= Eschew Obfuscation =
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org