You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Benjamin Kuit <bj...@it.uts.edu.au> on 2002/10/15 05:01:49 UTC

apache itself to seteuid

Is there currently a way to configure apache so that the server
itself suid's to the owner of a page?

ie
Accessing http://<hostname>/~username
will causes httpd to setuid to username while accessing files with
~username/public_html?

This isn't the same as suexec, which only runs cgis as the owner.

The problem is that I work in an academic environment, where some
assignments are web pages written in jsp, php, perl and etc, and the
required permissions on ~username and ~username/public_html requires
that the web server (and tomcat if being used) can access the files.

Plagiarism becomes an issue when any student can write a simple program
(eg in perl) to search through other people's public_html directories.

I can only think of two solutions:
1) each student runs their own web server as themselves (httpd runs as
their own uid).
2) httpd runs as root with seteuid calls to the user specified in
the url.

In both cases, the result is that the public_html would only require
access permissions for the owner himself.

I know the solutions above are incomplete, for example they would
still not work for tomcat, I'm just wondering if this issue has
been addressed before, and how was it resolved?

Thanks for any help.

Bj

-- 
+-------------------------------+--------------------------------------+
|      Benjamin (Bj) Kuit       |  Building CB10.3.354                 |
|      Systems Programmer       |  Faculty of Information Technology   |
|      Phone: 02 9514 1841      |  University of Technology, Sydney    |
|      Mobile: 0416 184 972     |  Email: bj@it.uts.edu.au             |
+-------------------------------+--------------------------------------+

Re: apache itself to seteuid

Posted by "William A. Rowe, Jr." <wr...@apache.org>.

Benjamin,

  the only way to accomplish this is with the perchild MPM for
Apache 2.0, and only by calling out each and every user.  Perhaps
it would be good to add perchild options for mass-user hosting in
the schema you suggest.

  Note that each 'user' then has an apache process running in the
uid of the user, while the main process dispatches requests to
the various users.  It could get expensive, if, say, you have 1000
users (all with public_html directories) and few require this feature.

  Security on the web is all about assigning world read permission
for anything that is publicly accessible from the outside world.  For
the 80/20 problem, well over 80% of the files are public anyway via
the server, so what if they are also readable on the server across 
users?

  But in the script case you are discussing, you aren't looking for
public_html documents to be protected.  You are really asking
if the private_html/cgi-bin and private_html/servlets might be private
and executed in the users context.  If you set up that only users
who create this sort of schema have perchild processes created,
then the burden on the server would drop from 1000 students to
perhaps 250 (or whomever is taking the tomcat/cgi classes, plus
the few extra users who start work early or continue afterwards.)

  So an auto-user schema based on perchild would be great, but
please don't tie it to ~user/public_html as the criteria!

Bill

At 10:01 PM 10/14/2002, Benjamin Kuit wrote:

>Is there currently a way to configure apache so that the server
>itself suid's to the owner of a page?
>
>ie
>Accessing http://<hostname>/~username
>will causes httpd to setuid to username while accessing files with
>~username/public_html?
>
>This isn't the same as suexec, which only runs cgis as the owner.
>
>The problem is that I work in an academic environment, where some
>assignments are web pages written in jsp, php, perl and etc, and the
>required permissions on ~username and ~username/public_html requires
>that the web server (and tomcat if being used) can access the files.
>
>Plagiarism becomes an issue when any student can write a simple program
>(eg in perl) to search through other people's public_html directories.
>
>I can only think of two solutions:
>1) each student runs their own web server as themselves (httpd runs as
>their own uid).
>2) httpd runs as root with seteuid calls to the user specified in
>the url.
>
>In both cases, the result is that the public_html would only require
>access permissions for the owner himself.
>
>I know the solutions above are incomplete, for example they would
>still not work for tomcat, I'm just wondering if this issue has
>been addressed before, and how was it resolved?
>
>Thanks for any help.
>
>Bj
>
>-- 
>+-------------------------------+--------------------------------------+
>|      Benjamin (Bj) Kuit       |  Building CB10.3.354                 |
>|      Systems Programmer       |  Faculty of Information Technology   |
>|      Phone: 02 9514 1841      |  University of Technology, Sydney    |
>|      Mobile: 0416 184 972     |  Email: bj@it.uts.edu.au             |
>+-------------------------------+--------------------------------------+