Jille
Thu, 08 May 2008 10:18:39 -0700
Lazy wrote:
> 2008/5/5 Jille Timmermans <[EMAIL PROTECTED]>:
> > Hello hackers!
> >
> > I was thinking of creating a more secure environment for running
> > webscripts (mod_php in my case), I want to run php scripts as their
> > owner. I thought of the following schemes:
> > http://junk.quis.cx/fViKmLRi/apache-user-scheme-p1.png
> > http://junk.quis.cx/bPkxwAbI/apache-user-scheme-p2.png
> >
> > And a setting:
> >
> >     ExecutiveUser %n       # This should run php scripts as $script-owner
> >     ExecutiveUser www-%n   # this should run php scripts as www-$scriptowner
> >     ExecutiveGroup www
> >     ExecutiveGroup www-%n
> >
> > (%n meaning the script-owner's username, and eg %u for the
> > script-owner's uid)
> >
> > This would (eg) enable me to:
> >
> >     [EMAIL PROTECTED]:~# id
> >     uid=1000(quis) gid=1000(users) groups=1000(users),10000(www-quis)
> >     [EMAIL PROTECTED]:~# id www-quis
> >     uid=10000(www-quis) gid=10000(www-quis) groups=10000(www-quis)
> >     [EMAIL PROTECTED]:~# chown quis:www-quis public_html
> >     [EMAIL PROTECTED]:~# chmod 750 public_html
> >
> > So only 'my' apache-runas user can access my scripts.
> >
> > What do you think about this idea?
> >
> > It does decrease the performance a bit (Workers should parse the
> > request, put it in some shm, Executive should pick it up from the shm
> > and really run the php-script (See the links above for the terms
> > Worker and Executive)).
> > But if the option is not specified it is possible to do it 'the old
> > way'.
> >
> > Would it be possible to implement this as an MPM, or MOD? (I don't
> > know enough (yet) of apache to say that.)
> > If that is possible there is no loss when it is disabled.
>
> Take a look at peruser (http://www.telana.com/peruser.php).
>
> It supports ssl, keep-alive, chroot and chuid per vhost.
>
> In simple configurations it seems to work out of the box, with some
> quirks:
> 1) graceful segfaults (apache continues to work)
> 2) on machines with multiple processors it hangs badly on graceful
>    restarts
> 3) some minor issues with ssl cache
>
> Last week, I think I ironed out 1 & 2; gracefuls work flawlessly on a
> busy webserver (2xdc opteron) (around 300 different users with many
> more vhosts).
>
> Sadly the support list for peruser seems to be dead and the latest
> patch is based on 2.2.3. I fixed 2 race conditions, added limited
> support for ssl for NameVirtualHosts and did some minor patches. All
> without answer, so I guess peruser isn't in active development anymore.
>
> There is still a memory leak to plug, maybe my patches did something
> wrong, but for now it's not a big headache.
>
> Peruser now for me is quite usable, I have some ideas to improve it. I
> will do it anyway because I need it for my work. Somebody told me to
> fork it, but will anyone care?

I would really like to run it myself, and I know a few others who would also like it. I am willing to help you, however I don't know how. My C skills are not that good, so I can't do it on my own. I might be able to kill bugs if apache crashes and I can get a backtrace. I can help you test it on FreeBSD (FreeBSD jails are quite useful for testing).
I think peruser would be a nice feature for apache, it would be a shame if it got abandoned.
-- Jille
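
An added example, not part of the original thread and not peruser code: a small audit of a docroot against the `chown quis:www-quis` / `chmod 750` layout proposed in the quoted message. The function names and the injectable uid/gid lookups are assumptions made for illustration; the `www-%n` template and the `%n`/`%u` placeholders come from the proposal.

```python
import grp
import os
import pwd
import stat


def expand(template, owner_name, owner_uid):
    """Expand %n (owner's username) and %u (owner's uid), as in the proposed setting."""
    return template.replace("%n", owner_name).replace("%u", str(owner_uid))


def audit_docroot(path, group_template="www-%n",
                  name_of_uid=lambda uid: pwd.getpwuid(uid).pw_name,
                  name_of_gid=lambda gid: grp.getgrgid(gid).gr_name):
    """Return a list of findings; an empty list means the docroot matches the scheme.

    The lookups are parameters (an assumption of this example) so the check can be
    exercised without creating real accounts.
    """
    st = os.stat(path)
    owner = name_of_uid(st.st_uid)
    group = name_of_gid(st.st_gid)
    wanted = expand(group_template, owner, st.st_uid)
    mode = stat.S_IMODE(st.st_mode)
    findings = []
    if group != wanted:
        # A shared group such as 'users' would let other accounts' run-as users in.
        findings.append(f"group is {group}, expected {wanted}")
    if mode & 0o007:
        findings.append(f"other users have access (mode {mode:04o})")
    if mode & 0o020:
        # The run-as user should read and traverse, not modify the owner's scripts.
        findings.append(f"group-writable (mode {mode:04o})")
    if mode & 0o050 != 0o050:
        findings.append(f"run-as group cannot read/traverse (mode {mode:04o})")
    return findings


if __name__ == "__main__":
    import tempfile
    # Constructed sample: a temp dir stands in for public_html, and the lookups are
    # faked to return the names used in the quoted session.
    with tempfile.TemporaryDirectory() as docroot:
        os.chmod(docroot, 0o755)
        for finding in audit_docroot(docroot,
                                     name_of_uid=lambda uid: "quis",
                                     name_of_gid=lambda gid: "users"):
            print(finding)
```
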