moddiffprivs-general Mailing List for mod_diffprivs
Status: Beta
Brought to you by:
lwojtow
Menu
▾
▴
moddiffprivs-general — General questions about mod_diffprivs
You can subscribe to this list here.
| 2002 |
Jan
|
Feb
|
Mar
(1) |
Apr
|
May
|
Jun
(1) |
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
(1) |
|---|
|
From: pck <p...@mi...> - 2002-12-27 20:37:48
|
Witam, udało się komuś ożenić Apache jednocześnie z mod_diffprivs oraz mod_watch? Jakoś nie mogę przez to przebrnąć. :-( Pozdrawiam, -- Przemysław Ciesielski HTTP: missTCP.net JABBER: pc...@ja... TEL: 0.601.571.601 |
|
From: Piotr G. <sp...@sp...> - 2002-06-26 16:45:57
|
Witam ! Na poczatku, chcialbym podziekowac, modul rozwiazal wiekszosc moich problemow, a i mam nadzieje ze polaczenie go z libsafe uczyni go dostatecznie bezpiecznym, i odpornym na ataki. Podczas wstepnej pracy z mod_diffprivs wpadl mi jeden pomysl, ktory byc moze bedziesz chcial wykorzystac w swojej pracy. Chodzi konkretnie o dodanie do modulu funkcji setrlimit(), ktora pozwalala by na ustalanie limitow oddzielnie dla kazdego z vhostow. z powazaniem Piotr Grohman -- -------------------- czarnoPERLnik z krainy SQLoz ------------------------ |/\| '[...] I chcesz bym wbudował w to czasowy zapalnik ? I nie |/\| |\/| przejmujesz sie zasięgiem eksplozji ? ...... Nie ma sprawy !' |\/| -------- Piotr ['sPoOkI'] Grohman ------------ sp...@sp... ---------- |
|
From: Lukasz W. <lw...@eu...> - 2002-03-08 09:46:24
|
Today I upload a new release of mod_diffprivs. Since now it works with
userdir, for example You can use:
Privs AsFileOwnerSecure AsFileOwnerPrimaryGroup
then before serving file (i.e.) server/~lw/index.html then server
will change uid/gid for user/group lw (with path checking -"As...Secure").
This will work only when You specified another (new) directive
"PrivsUserDir".(I didnt mention about it in README, I'll do this soon).
This directive gets one argument, which is userdir where www files are
stored (the same as("UserDir"). For example, set
Privs AsFileOwnerSecure AsFileOwnerPrimaryGroup
PrivsUserDir public_html
when server receives request /~lw/index.html and lw's home dir is
/home/users/lw, then will change uid/gid to owner's file
/home/users/lw/public_html/index.html (with secure path checking).
If You don't use PrivsUserDir directive then will NOT work requests for
userdirs. This is for security, for example You have real_server
(and real_users) and virtual_server. When comming request
GET /~realuser/index.txt HTTP/1.0
Host: virtual_server
then (with previos version mod_diffprivs) request succeed and apache
change uid/gid for virtual_server, but will serving file
/home/to/real_user/user_dir/index.txt. If it's (hard|sym*)link then user
can view file (source) pointing by index.txt
Well... that's all. I hope it will work, it work in my servers.
Soon I'll reedit README file, mention about PrivsUserDir and make it
iterative. Best regards and have a nice weekend,
Lukasz
* - only if no: Option SymlinkIfOwnerMatch (should be used any way)
as always: sorry for my poor english :/
--
"... az w jedna krotka chwile, pojmiesz po co zyjesz ..."
Perfect "Kolysanka dla nieznajomej"
Lukasz Wojtow <lw...@ws...>
|
