You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by James Devine <fx...@gmail.com> on 2010/11/10 17:02:22 UTC
Re: [users@httpd] dynamic mpm-itk
vhost per user isn't something I would be able to do, what about a
module that runs prior to itk if thats possible to preset the uid
2010/10/26 Igor Galić <i....@brainsware.org>:
>
> ----- "James Devine" <fx...@gmail.com> wrote:
>
>> Is there a way to set the AssignUserId values associated with mpm-itk
>> based on the URI? Such as if a user accesses
>> http://domain.tld/~username
>> These users are in ldap so I would need to do some sort of external
>> processing such as through a rewritemap or mod_perl
>
> No. You'll need a vhost per user. Once you've set that up,
>
> http://username.domain.tld/
>
> for instance, would work.
>
> So long,
> i
> --
> Igor Galić
>
> Tel: +43 (0) 664 886 22 883
> Mail: i.galic@brainsware.org
> URL: http://brainsware.org/
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] dynamic mpm-itk
Posted by Igor Galić <i....@brainsware.org>.
----- "James Devine" <fx...@gmail.com> wrote:
> I wrote a module that runs prior to itk which checks for this special
> case and sets both the uid and gid, this seems to run fairly nicely
So you wrote a hack to stand on the shoulders of another hack?
Niiiice ;)
i
--
Igor Galić
Tel: +43 (0) 664 886 22 883
Mail: i.galic@brainsware.org
URL: http://brainsware.org/
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] dynamic mpm-itk
Posted by James Devine <fx...@gmail.com>.
I wrote a module that runs prior to itk which checks for this special
case and sets both the uid and gid, this seems to run fairly nicely
On Wed, Nov 10, 2010 at 12:47 PM, James Devine <fx...@gmail.com> wrote:
> I'm trying to get all content (php, perl, cgi etc) to run as the
> intended user, which works fine with mpm-itk for individual vhosts,
> but a few of those vhosts implement user directories which should be
> associated with different users
>
> On Wed, Nov 10, 2010 at 11:07 AM, Nick Kew <ni...@webthing.com> wrote:
>> On Wed, 10 Nov 2010 10:48:48 -0700
>> James Devine <fx...@gmail.com> wrote:
>>
>>> well this method doesn't appear to work, setting the uid prior to itk
>>> causes itk to fail out while trying to set the uid itself
>>
>> What do you expect to do that you couldn't do with cgi/suexec or fastcgi?
>>
>> mod_privileges may do the job for you, but use with caution if you
>> permit untrusted scripts to run with mod_perl or rewritemap!
>>
>> --
>> Nick Kew
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] dynamic mpm-itk
Posted by James Devine <fx...@gmail.com>.
I'm trying to get all content (php, perl, cgi etc) to run as the
intended user, which works fine with mpm-itk for individual vhosts,
but a few of those vhosts implement user directories which should be
associated with different users
On Wed, Nov 10, 2010 at 11:07 AM, Nick Kew <ni...@webthing.com> wrote:
> On Wed, 10 Nov 2010 10:48:48 -0700
> James Devine <fx...@gmail.com> wrote:
>
>> well this method doesn't appear to work, setting the uid prior to itk
>> causes itk to fail out while trying to set the uid itself
>
> What do you expect to do that you couldn't do with cgi/suexec or fastcgi?
>
> mod_privileges may do the job for you, but use with caution if you
> permit untrusted scripts to run with mod_perl or rewritemap!
>
> --
> Nick Kew
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] dynamic mpm-itk
Posted by Nick Kew <ni...@webthing.com>.
On Wed, 10 Nov 2010 10:48:48 -0700
James Devine <fx...@gmail.com> wrote:
> well this method doesn't appear to work, setting the uid prior to itk
> causes itk to fail out while trying to set the uid itself
What do you expect to do that you couldn't do with cgi/suexec or fastcgi?
mod_privileges may do the job for you, but use with caution if you
permit untrusted scripts to run with mod_perl or rewritemap!
--
Nick Kew
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] dynamic mpm-itk
Posted by James Devine <fx...@gmail.com>.
well this method doesn't appear to work, setting the uid prior to itk
causes itk to fail out while trying to set the uid itself
On Wed, Nov 10, 2010 at 9:52 AM, James Devine <fx...@gmail.com> wrote:
> well what I'm thinking of is to not set the uid/gid for a particular
> vhost and have another module run prior to when ITK would set the uid
> and set the UID/GID myself based on the URI
>
> On Wed, Nov 10, 2010 at 9:36 AM, Tom Evans <te...@googlemail.com> wrote:
>> On Wed, Nov 10, 2010 at 4:02 PM, James Devine <fx...@gmail.com> wrote:
>>> vhost per user isn't something I would be able to do, what about a
>>> module that runs prior to itk if thats possible to preset the uid
>>>
>>
>> Not without significant hacking. From mpm-itk homepage:
>>
>> """
>> apache2-mpm-itk (just mpm-itk for short) is an MPM (Multi-Processing
>> Module) for the Apache web server. mpm-itk allows you to run each of
>> your vhost under a separate uid and gid — in short, the scripts and
>> configuration files for one vhost no longer have to be readable for
>> all the other vhosts.
>> """
>>
>> It is specifically designed to choose uid/gid based upon vhost, and
>> nothing else.
>>
>> Cheers
>>
>> Tom
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> " from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] dynamic mpm-itk
Posted by James Devine <fx...@gmail.com>.
well what I'm thinking of is to not set the uid/gid for a particular
vhost and have another module run prior to when ITK would set the uid
and set the UID/GID myself based on the URI
On Wed, Nov 10, 2010 at 9:36 AM, Tom Evans <te...@googlemail.com> wrote:
> On Wed, Nov 10, 2010 at 4:02 PM, James Devine <fx...@gmail.com> wrote:
>> vhost per user isn't something I would be able to do, what about a
>> module that runs prior to itk if thats possible to preset the uid
>>
>
> Not without significant hacking. From mpm-itk homepage:
>
> """
> apache2-mpm-itk (just mpm-itk for short) is an MPM (Multi-Processing
> Module) for the Apache web server. mpm-itk allows you to run each of
> your vhost under a separate uid and gid — in short, the scripts and
> configuration files for one vhost no longer have to be readable for
> all the other vhosts.
> """
>
> It is specifically designed to choose uid/gid based upon vhost, and
> nothing else.
>
> Cheers
>
> Tom
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] dynamic mpm-itk
Posted by Tom Evans <te...@googlemail.com>.
On Wed, Nov 10, 2010 at 4:02 PM, James Devine <fx...@gmail.com> wrote:
> vhost per user isn't something I would be able to do, what about a
> module that runs prior to itk if thats possible to preset the uid
>
Not without significant hacking. From mpm-itk homepage:
"""
apache2-mpm-itk (just mpm-itk for short) is an MPM (Multi-Processing
Module) for the Apache web server. mpm-itk allows you to run each of
your vhost under a separate uid and gid — in short, the scripts and
configuration files for one vhost no longer have to be readable for
all the other vhosts.
"""
It is specifically designed to choose uid/gid based upon vhost, and
nothing else.
Cheers
Tom
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org