Posted to modules-dev@httpd.apache.org by Doug Bridgens <db...@soogate.com> on 2011/10/05 00:43:44 UTC

running a module as a different uid

Hi,

I have written a file sync module that will pull files from web server 1 
to web server 2.  The module on web server 2 writes the file (whether an 
image file or a code file) into the right place in the docroot.  It's kind 
of experimental.

There are clearly security problems with this.  The module runs as the 
user/group of the httpd process, so all files become writeable by httpd in 
the docroot.

My question is, are there any suggestions as to something like switch uid 
on a module basis?  This module is only enabled for a specific 
<Location>, and access is restricted by IP.  It's intended to sync files 
between a farm of privately connected web servers (a front end tier).

At the moment I am thinking a second apache instance running on a 
different port (say 81), and running as a different uid/gid.  This second 
instance only serves requests for this module/Location.  But it seems a 
bit ugly.


cheers,
Doug


Re: running a module as a different uid

Posted by Nick Kew <ni...@apache.org>.
On Tue, 4 Oct 2011 23:43:44 +0100 (BST)
Doug Bridgens <db...@soogate.com> wrote:


> My question is, are there any suggestions as to something like switch uid 
> on a module basis?  This module is only enabled for a specific 

You can't in general.  The uid is an attribute of the process,
not of some part of it.  There are various workarounds,
with setuid CGI (and variants on that) the most common.

But take a look at mod_privileges, which would enable you
to do what you want on Solaris.  You might be able to
hook into SELinux to do something similar.


-- 
Nick Kew
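
The second-instance idea from the original post, sketched as an added example
(not configuration from either poster, and written in httpd 2.4 syntax).  The
module file mod_filesync.so, the handler name "filesync", the user/group
"websync", the paths and the 10.0.0.x addresses are all assumptions:

```apache
# Added example: config for a second, sync-only httpd instance.
# Started separately, e.g.:  httpd -f conf/httpd-sync.conf
# Hypothetical: mod_filesync.so, handler "filesync", user/group "websync",
# the paths below, and the constructed addresses in 10.0.0.0/24.

ServerRoot "/usr/local/apache2"
# Must not collide with the main instance's pid file and logs.
PidFile  "logs/httpd-sync.pid"
ErrorLog "logs/sync_error.log"

LoadModule mpm_event_module  modules/mod_mpm_event.so
LoadModule unixd_module      modules/mod_unixd.so
LoadModule authz_core_module modules/mod_authz_core.so
LoadModule authz_host_module modules/mod_authz_host.so
# The sync module is loaded here only, never in the public instance.
LoadModule filesync_module   modules/mod_filesync.so

# Bind to the private interface of the front-end tier, not to *:81.
Listen 10.0.0.12:81

# The uid is per process, so the separation comes from this instance's
# children running as their own account.  The parent has to be started as
# root for User/Group to take effect (and to bind a port below 1024).
User  websync
Group websync

# Default deny: this instance serves nothing except the sync endpoint.
<Location "/">
    Require all denied
</Location>

# Later <Location> sections override earlier ones, so this one wins for /sync.
<Location "/sync">
    SetHandler filesync
    Require ip 10.0.0.0/24
</Location>

# Filesystem side (outside httpd): the docroot is owned by websync and is
# read-only for the account the public instance runs as, so the public
# httpd children can serve the synced files but cannot write them.
```

With this split the public-facing instance no longer needs write access to the
docroot at all; only the account behind the private listener does.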