Lazy wrote:
2008/5/5 Jille Timmermans <[EMAIL PROTECTED]>:
Hello hackers!
I was thinking of creating a more secure environment for running
webscripts (mod_php in my case),
I want to run php scripts as their owner.
I thought of the following schemes:
http://junk.quis.cx/fViKmLRi/apache-user-scheme-p1.png
http://junk.quis.cx/bPkxwAbI/apache-user-scheme-p2.png
And a setting:
ExecutiveUser %n # This should run php scripts as $script-owner
ExecutiveUser www-%n # this should run php scripts as www-$scriptowner
ExecutiveGroup www
ExecutiveGroup www-%n
(%n meaning the script-owners username, and eg %u for the script-owners
uid)
This would (eg) enable me to:
[EMAIL PROTECTED]:~# id
uid=1000(quis) gid=1000(users) groups=1000(users),10000(www-quis)
[EMAIL PROTECTED]:~# id www-quis
uid=10000(www-quis) gid=10000(www-quis) groups=10000(www-quis)
[EMAIL PROTECTED]:~# chown quis:www-quis public_html
[EMAIL PROTECTED]:~# chmod 750 public_html
So only 'my' apache-runas user can access my scripts.
What do you think about this idea?
It does decrease the performance a bit (Workers should parse the
request, put it in some shm, Executive should pick it up from the shm
and really run the php-script (See the links above for the terms Worker
and Executive)).
But if the option is not specified it is possible to do it 'the old way'.
Would it be possible to implement this as an MPM, or MOD ?
(I don't know enough (yet) of apache to say that.)
If that is possible there is no loss when it is disabled.
take a look at peruser (http://www.telana.com/peruser.php)
It supports ssl, keep-alive, chroot and chuid per vhost
in simple configurations it seems to work out of the box with some quirks
1) graceful segfaults (apache continues to work)
2) on machines with multiple processors it hangs badly on graceful restarts
3) some minor issues with ssl cache
Last week, I think I ironed out 1 & 2; gracefuls work flawlessly on a
busy webserver (2xdc Opteron) (around 300 different users with many
more vhosts).
Sadly support list for peruser seems to be dead and latest patch is
based on 2.2.3.
I fixed 2 race conditions, added limited support for ssl for
NameVirtualHosts and did some minor patches.
All without answer, so I guess peruser isn't in active development anymore.
There is still a memory leak to plug; maybe my patches did something wrong,
but for now it's not a big headache.
Peruser now for me is quite usable, I have some ideas to improve it. I
will do it anyway because i need it for my work.
Somebody told me to fork it, but will anyone care?
I would really like to run it myself,
and I know a few others who would also like it.
I am willing to help you, however I don't know how.
My C skills are not that good, so I can't do it on my own.
I might be able to kill bugs if apache crashes and I can get a backtrace.
I can help you test it on FreeBSD, (FreeBSD jails are quite useful for
testing).
I think peruser would be a nice feature for apache, it would be a shame
if it got abandoned.
-- Jille
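
The permission layout from the original post (chown quis:www-quis, chmod 750), modeled as an added example that is not part of the thread or of peruser: it evaluates who can reach a docroot under classic POSIX mode bits and audits a docroot against that layout. The www-alice and www accounts, the 755 comparison entry and the function names are constructed assumptions.

```python
from collections import namedtuple

Proc = namedtuple("Proc", "name uid gids")    # a process identity
Entry = namedtuple("Entry", "uid gid mode")   # ownership and mode of a docroot

def may_traverse(proc, entry):
    """Classic POSIX check for r-x on a directory (no ACLs, parents ignored).
    Exactly one permission class applies: owner, else group, else other."""
    if proc.uid == 0:
        return True
    if proc.uid == entry.uid:
        bits = (entry.mode >> 6) & 7
    elif entry.gid in proc.gids:
        bits = (entry.mode >> 3) & 7
    else:
        bits = entry.mode & 7
    return bits & 0o5 == 0o5

def audit(entry, owner_uid, runas_gid):
    """List deviations from the owner:www-owner, mode 750 layout."""
    problems = []
    if entry.uid != owner_uid:
        problems.append("not owned by the script owner")
    if entry.gid != runas_gid:
        problems.append("group is not the owner's www- group")
    if entry.mode & 0o007:
        problems.append("accessible to other users")
    if entry.mode & 0o020:
        problems.append("writable by the run-as group")
    return problems

# ids for quis and www-quis are taken from the post's `id` output
QUIS = Proc("quis", 1000, {1000, 10000})
WWW_QUIS = Proc("www-quis", 10000, {10000})
# constructed, hypothetical accounts: another user's run-as user, one shared user
WWW_ALICE = Proc("www-alice", 10001, {10001})
SHARED_WWW = Proc("www", 80, {80})

PER_USER = Entry(1000, 10000, 0o750)   # chown quis:www-quis; chmod 750
SHARED = Entry(1000, 1000, 0o755)      # constructed: world-readable docroot

if __name__ == "__main__":
    for proc in (QUIS, WWW_QUIS, WWW_ALICE, SHARED_WWW):
        print(proc.name, may_traverse(proc, PER_USER), may_traverse(proc, SHARED))
    print(audit(PER_USER, 1000, 10000), audit(SHARED, 1000, 10000))
```

Under the 750 layout only quis and www-quis reach the directory, while the 755 entry is reachable by every identity in the sample.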