make use of fs ACLs

[Peter Somogyi <ps...@gamax.hu>]

Hi,

We would like to have an autoindex-like file serving functionality of apache 
web server that avoids usage of .htaccess file, but uses filesystem's ACLs 
instead. Moreover we don't want to require wwwrun to be allowed in every 
file/dir ACLs.

For authentication we'd use e.g. mod_auth_external + pwauth.
Our aim is access checking:
- check whether a requested file is downloadable by the given user
- check whether the given user has access to the directory
- check which files are visible to the given user when listing a directory 
content (e.g. via autoindex module)
So far readonly functionality is enough.

To achieve this, we have been thinking about writing a modification of 
autoindex.c which forks a child executing a newly written tool which 
_becomes_ the authenticated user and lists directory content. File open check 
and file content read would be done by this tool as well. (I still don't know 
where to modify/hook into file download and how to cache forking.)

I'm curious why such a feature is not yet already implemented. I don't stick 
to autoindex, we just need a similar functionality over http.

Does anybody know any existing solution for this, or a better idea how to make 
it?

We appreciate any comments on this.

Peter

Re: make use of fs ACLs

[Dumindu Pallewela <pa...@gmail.com>]

Hi all,

In a module that I am writing, I need to share an object between
successive requests. My first go at it was to have a reference to this
object in the server configuration. But only after trying it out I found 
that the server configuration is not shared between the child processes, 
rather each process has it's own server configuration. (I want the 
module to work despite the MPM used.)

So my question is how can I share an object between successive requests?

Thanks,
Dumindu.

Re: make use of fs ACLs

["William A. Rowe, Jr." <wr...@rowe-clan.net>]

Peter Somogyi wrote:
> 
> Sorry, could you point there please? (I've already spent 4 hours for google 
> and grep on trunk, asked expert people here but couldn't find anything.)
> Do you mean the hole is in the auth way (we can use mod_auth_pam instead), or 
> in using fs ACLs instead of .htaccess?

Twofold; if there was a code execution vulnerability somewhere within the
in-process server stack, including scripting languages or running untrusted
code, those files a visible to nobody.  Essentially you are sharing the p/w
list with everyone on the machine to crack the hashed passwords or search
for their match.

Secondly, unless ssl/tls is in use, the p/w's can be sniffed over the wire.
If these are also your ssh login accounts... well, you can figure out the
rest.

Re: make use of fs ACLs

[Peter Somogyi <ps...@gamax.hu>]

Hi Nick,

> > We would like to have an autoindex-like file serving functionality of
> > apache web server that avoids usage of .htaccess file, but uses
> > filesystem's ACLs instead. Moreover we don't want to require wwwrun
> > to be allowed in every file/dir ACLs.
> >
> > For authentication we'd use e.g. mod_auth_external + pwauth.
>
> Please read up on why that's a huge security hole (I think it's
> described somewhere in apache's own documentation).

Sorry, could you point there please? (I've already spent 4 hours for google 
and grep on trunk, asked expert people here but couldn't find anything.)
Do you mean the hole is in the auth way (we can use mod_auth_pam instead), or 
in using fs ACLs instead of .htaccess?
Thank you in advance.

>
> >	 a newly written tool
> > which _becomes_ the authenticated user and lists directory content.
>
> That's what suexec (and its many cousins) are for.
Thanks, however I wanted my question to be applied to fs ACL usage solution 
existence, not to becoming a user. Sorry for the misunderstanding.

BTW. this feature already exists for OpenAFS, but there permission is linked 
with a PAG, not with a local user.

Peter

Re: make use of fs ACLs

[Nick Kew <ni...@webthing.com>]

On Mon, 4 Jun 2007 18:06:22 +0200
Peter Somogyi <ps...@gamax.hu> wrote:

> Hi,
> 
> We would like to have an autoindex-like file serving functionality of
> apache web server that avoids usage of .htaccess file, but uses
> filesystem's ACLs instead. Moreover we don't want to require wwwrun
> to be allowed in every file/dir ACLs.
> 
> For authentication we'd use e.g. mod_auth_external + pwauth.

Please read up on why that's a huge security hole (I think it's
described somewhere in apache's own documentation).

>	 a newly written tool
> which _becomes_ the authenticated user and lists directory content.

That's what suexec (and its many cousins) are for.

-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/