general/988: suggestion: option to check permissions via os-userbase

[Christian Heinze <x...@x.camelot.de>]

>Number:         988
>Category:       general
>Synopsis:       suggestion: option to check permissions via os-userbase
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          change-request
>Submitter-Id:   apache
>Arrival-Date:   Mon Aug 11 09:00:07 1997
>Originator:     x@x.camelot.de
>Organization:
apache
>Release:        any
>Environment:
Linux 2.0.30 i486
>Description:
i hope the bugreport page is correct for suggestions - at least that's what the faq said... :)

i've been struggeling with my apache httpd (*ix) for a while now and found out that there's a powerful feature missing.
        
a security-system that uses the os' userbase and permissions. i.e.:

e.g. if the following file is requested:
-rw-r-----   1 root     users       13722 Apr 25 01:28 /foo/bar.html
it can't be read by the default apache user, say wwwrun with nogroup. so apache sends a uid/pwd-query window and checks the input against the os' userbase. if the input was correct, apache changes to the user's uid and tries to execute the request with the user's permissions. if not -> uid/pwd-query window, and so on...
the same would work great with cgi-binaries (i'm dreaming of the possibilities i'd have together with web/cgi-interfaced sql-databases... *sigh* :) ).

i think such a totally os-transparent user/permission scheme would make life much easier, more comfortable and much more straightforward for httpd-admins...
>How-To-Repeat:

>Fix:
implement it as an optional permission-checking- and authorization-scheme. :%2
>Audit-Trail:
>Unformatted: