On Dec 11, 2005, at 8:12 PM, Joshua Slive wrote:
By "exposing the entire hierarchy" do you mean giving file-system search permissions (chmod +x)? If so, no, you can't work around this in apache. It has nothing to do with apache. It is the file-system that is denying access. If apache can't get to the directory, there is no way to serve the files.
I guess the confusion on my part is: Why isn't it possible to just treat the Apache process as you would any other user? Add Apache process x from machine y to group z that is allowed see a specified folder? Instead, we're forced to redefining the permissions of every directory in the path just so Apache can see it. The permissions are already set up the way we want them re group access and in the overall scheme of things Apache should be just another user logged into the server.
The mechanics of coercing a resource URL into a file system path are trivial. With a correctly formatted path string in hand, just send a file open to the underlying file system. If you get a valid file handle back, great you have permission. If not you don't. No need to go through all this directory permission redefinition business.
Ken --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|