You are viewing a plain text version of this content. The canonical link for it is here.

Posted to modperl@perl.apache.org by Robert Hanson <us...@gmail.com> on 2012/05/02 03:44:25 UTC

Please Help : Perl Script to Make Dynamic Apache MPM-ITK Config

Dear all,

I have multiple users with their own /home folder. These users also
sub-domain of my server. for example :

mac.example.com >> /home/mac.example.com
max.example.com >> /home/max.example.com
taylor.example.com >> /home/taylor.example.com

by using MPM-ITK my Apache can be configured to access those folders with
UID and GID specified. not as www-data, Apache's default. and that's
exactly what I want. I want my Apache change its UID into mac, while
accessing /home/mac.example.com and so on...

unfortunately, Apache configuration file seems doesn't support 'variables'
to put as AssignUserId on my /etc/apache2/apache.conf

tons of documentation on the internet told me that the configuration should
be like this (STATIC) :

<IfModule mpm_itk_module>
AssignUserId user group
</IfModule>

until this Mod Perl gave me a little bit hope to make everything works... I
only have this 'clue' to make Apache config file runs dynamically :
http://serverfault.com/questions/75010/dynamic-authentication-realms-in-apache/75526#75526

but I'm not Perl-guy, I have no idea how to modify those codes to fits my
need. please kindly help me... thanks before.

Re: Please Help : Perl Script to Make Dynamic Apache MPM-ITK Config

Posted by Robert Hanson <us...@gmail.com>.

Hi Andre, thanks for your answer...

you asked me :

I suppose that your directories /home/mac.example.com etc.. already belong
to some specific UID/GID, so why do you not just use those in your
respective Apache <VirtualHost> sections ? That seems to be how it is
supposed to work.

well, I'm using VirtualDocumentRoot on the <VirtualHost> sections, means
those /home folders will be accessed by Apache using UID www-data. not
their own UID.

that's why I need MPM-ITK to switch Apache UID from its default into mac,
max or taylor. I'm not quite sure if it can be done without MPM-ITK...

can Mod-Perl just 'catch' the URL on http request, let's say max.example.com,
and then put it as variable so I can put it on the MPM-ITK section?

that's all I want...

On Thu, May 3, 2012 at 1:45 AM, André Warnier <aw...@ice-sa.com> wrote:

> Robert Hanson wrote:
>
>> Dear all,
>>
>> I have multiple users with their own /home folder. These users also
>> sub-domain of my server. for example :
>>
>> mac.example.com >> /home/mac.example.com
>> max.example.com >> /home/max.example.com
>> taylor.example.com >> /home/taylor.example.com
>>
>> by using MPM-ITK my Apache can be configured to access those folders with
>> UID and GID specified. not as www-data, Apache's default. and that's
>> exactly what I want. I want my Apache change its UID into mac, while
>> accessing /home/mac.example.com and so on...
>>
>> unfortunately, Apache configuration file seems doesn't support 'variables'
>> to put as AssignUserId on my /etc/apache2/apache.conf
>>
>> tons of documentation on the internet told me that the configuration
>> should
>> be like this (STATIC) :
>>
>> <IfModule mpm_itk_module>
>> AssignUserId user group
>> </IfModule>
>>
>> until this Mod Perl gave me a little bit hope to make everything works...
>> I
>> only have this 'clue' to make Apache config file runs dynamically :
>> http://serverfault.com/**questions/75010/dynamic-**
>> authentication-realms-in-**apache/75526#75526<http://serverfault.com/questions/75010/dynamic-authentication-realms-in-apache/75526#75526>
>>
>> but I'm not Perl-guy, I have no idea how to modify those codes to fits my
>> need. please kindly help me... thanks before.
>>
>>
> Hi.
> I will save you some time : the link above points to some perl code, but
> the purpose of that perl code is not at all what you are looking for, and
> would be useless in your case.
> (It authenticates the user *for Apache*, but it does not change the
> user-id under which *Apache is running* (at the OS level), which is what
> you seem to want.)
>
> Now, as far as the mpm-itk module is concerned :
> This is really a subject for the support list of mpm-itk, which you should
> find here :
> http://lists.err.no/mailman/**listinfo/mpm-itk<http://lists.err.no/mailman/listinfo/mpm-itk>
>
> But having had a quick look at the configuration, it seems indeed that in
>
>
> > <IfModule mpm_itk_module>
> > AssignUserId user group
> > </IfModule>
>
> both "user" and "group" refer to fixed UID a GID of defined OS users (on
> the host where your Apache httpd is running).  So you cannot use a variable
> there.
> But why would you want to ?
> I suppose that your directories /home/mac.example.com etc.. already
> belong to some specific UID/GID, so why do you not just use those in your
> respective Apache <VirtualHost> sections ? That seems to be how it is
> supposed to work.
>
> For any further details, I think that you should ask the mpm-itk mailing
> list, where you will probably get much better answers.
>

Re: Please Help : Perl Script to Make Dynamic Apache MPM-ITK Config

Posted by André Warnier <aw...@ice-sa.com>.

Robert Hanson wrote:
> Dear all,
> 
> I have multiple users with their own /home folder. These users also
> sub-domain of my server. for example :
> 
> mac.example.com >> /home/mac.example.com
> max.example.com >> /home/max.example.com
> taylor.example.com >> /home/taylor.example.com
> 
> by using MPM-ITK my Apache can be configured to access those folders with
> UID and GID specified. not as www-data, Apache's default. and that's
> exactly what I want. I want my Apache change its UID into mac, while
> accessing /home/mac.example.com and so on...
> 
> unfortunately, Apache configuration file seems doesn't support 'variables'
> to put as AssignUserId on my /etc/apache2/apache.conf
> 
> tons of documentation on the internet told me that the configuration should
> be like this (STATIC) :
> 
> <IfModule mpm_itk_module>
> AssignUserId user group
> </IfModule>
> 
> until this Mod Perl gave me a little bit hope to make everything works... I
> only have this 'clue' to make Apache config file runs dynamically :
> http://serverfault.com/questions/75010/dynamic-authentication-realms-in-apache/75526#75526
> 
> but I'm not Perl-guy, I have no idea how to modify those codes to fits my
> need. please kindly help me... thanks before.
> 

Hi.
I will save you some time : the link above points to some perl code, but the purpose of 
that perl code is not at all what you are looking for, and would be useless in your case.
(It authenticates the user *for Apache*, but it does not change the user-id under which 
*Apache is running* (at the OS level), which is what you seem to want.)

Now, as far as the mpm-itk module is concerned :
This is really a subject for the support list of mpm-itk, which you should find here :
http://lists.err.no/mailman/listinfo/mpm-itk

But having had a quick look at the configuration, it seems indeed that in

 > <IfModule mpm_itk_module>
 > AssignUserId user group
 > </IfModule>

both "user" and "group" refer to fixed UID a GID of defined OS users (on the host where 
your Apache httpd is running).  So you cannot use a variable there.
But why would you want to ?
I suppose that your directories /home/mac.example.com etc.. already belong to some 
specific UID/GID, so why do you not just use those in your respective Apache <VirtualHost> 
sections ? That seems to be how it is supposed to work.

For any further details, I think that you should ask the mpm-itk mailing list, where you 
will probably get much better answers.