I ended up using a cgi script which provides a nice upload/download interface (http://encodable.com/filechucker/) with suexec, which means that the cgi runs as the user who's logged in. > -----Original Message----- > From: Michael Clark [mailto:michael@xxxxxxxxxxxxxxxx] > Sent: 09 March 2008 03:10 > To: users@xxxxxxxxxxxxxxxx > Subject: Re: how would I serve up an upload/download > directory for each user > > Tim Edwards wrote: > > > > * Use some kind of module that allows apache to spawn a sub-process > > running as the user who logged in through mod_auth_shadow. Does such a > > module exist? > > > > We have some patches against apache to do something similar to this > using a modified mod_dav with a privilege separation mechanism similar > to openssh. In this model, apache still runs as an unprivileged process > and it sends privileged file-system requests overs a unix socket to a > pre-spawned privileged monitor process. This means you get all the > benefits of mod_dav but with the addition of unix authentication, > permissions and quotas, etc. > > http://privsep.org/ModPrivsepDocs > > The 2.2 series patches are still experimental but the 1.3.x patches we > have been running in production for some years now. I will have some > production quality patches for 2.2 coming out very soon now. > > http://privsep.org/ModPrivsepPatches > > The 1.3.41 version includes a script to download apache, mod_ssl and > mod_dav sources and to patch them (not required for 2.2 since mod_dav > and mod_ssl are now included). The docs for the 1.3.41 patch are here: > > http://privsep.org/patches/1.3.41/README.html > > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx > " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx > For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|