Thanks a lot for pointing me out this page. I do understand now why this doesn't exist by default. Wouldn't it be possible to modify mpm-itk a bit to fork as connected user instead of statically defined users ? On Tue, 2012-02-28 at 08:32 -0500, Mark Montague wrote: > On February 28, 2012 3:32 , =?ISO-8859-1?Q?Micka=EBl_CAN=C9VET?= > <canevet@xxxxxxx> wrote: > > I'd like to know if there is a way to tell apache httpd to fork as > > 'REMOTE_USER' instead of 'User' variable defined in httpd.conf. > > > > The idea is to export a filesystem through HTTP (Dav), and instead of > > giving apache's user read/write access on the files and play > > with .htaccess for each folder, let apache fork as the authenticated > > user so that I can use POSIX rights to give access. > > > What you're talking about is called "Privilege separation". Please see > the wiki page on the subject, which goes into the topic in detail and > discusses the difficulties and various potential solutions: > > https://wiki.apache.org/httpd/PrivilegeSeparation > > > -- > Mark Montague > mark@xxxxxxxxxxx >
Attachment:
signature.asc
Description: This is a digitally signed message part
|