Re: different uid per host or perhaps something else

2005-09-18 Thread QM
On Sat, Sep 17, 2005 at 03:39:22PM -0700, Alexander Kabanov wrote:
: I have a bundle apache - mod_jk - tomcat working and virtual hosts
: properly configured, everything is nice, but with a few small issues.
: In addition to this configuration - each virtual host represents
: different users which don't trust each other.
: [rest of post deleted]

Generally speaking, if your app owners (users) don't trust one another
at the OS level, run their apps in separate instances of Tomcat.

This lets you run Tomcat as a different user for each container and, in
turn, use OS-level file perms to prevent unwanted access between apps.

-QM


-- 

software   -- http://www.brandxdev.net/
tech news  -- http://www.RoarNetworX.com/
code scan  -- http://www.JxRef.org/

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
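
Added example, not part of either post: a POSIX shell audit for the separate-instance layout recommended in the reply above. It assumes a hypothetical layout in which each tenant's Tomcat instance keeps its files under ROOT/<tenant>/, and flags tenant directories that share an owner uid (the situation the original post describes, where everything belongs to the server uid) or that grant any permission to "other".

```shell
#!/bin/sh
# Added example: audit per-tenant Tomcat instance directories.
# Assumed (hypothetical) layout: ROOT/<tenant>/ holds one instance's files.

# audit_tenants ROOT
# Prints one finding per line and returns 1 if any were found:
#   SHARED_UID <dir> <uid>     owner uid already used by another tenant dir
#   OTHER_ACCESS <dir> <bits>  "other" has some permission on the dir
audit_tenants() {
    root=$1
    findings=0
    seen_uids=" "
    for dir in "$root"/*/; do
        [ -d "$dir" ] || continue
        dir=${dir%/}
        # POSIX "ls -ldn": field 1 is the mode string, field 3 the numeric uid.
        info=$(ls -ldn "$dir")
        mode=$(printf '%s\n' "$info" | awk '{ print $1 }')
        uid=$(printf '%s\n' "$info" | awk '{ print $3 }')
        other=$(printf '%s\n' "$mode" | cut -c8-10)

        case "$seen_uids" in
            *" $uid "*)
                echo "SHARED_UID $dir $uid"
                findings=$((findings + 1)) ;;
            *)  seen_uids="$seen_uids$uid " ;;
        esac
        case "$other" in
            ---|--T) ;;   # no access for "other" (T = sticky bit only)
            *)  echo "OTHER_ACCESS $dir $other"
                findings=$((findings + 1)) ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Constructed demo: two tenant dirs created by the same account, one too open.
demo=$(mktemp -d)
mkdir "$demo/vhost1" "$demo/vhost2"
chmod 750 "$demo/vhost1"
chmod 755 "$demo/vhost2"
audit_tenants "$demo" || echo "findings reported above"
rm -rf "$demo"
```

A clean result needs each tenant directory owned by its own account and closed to "other"; group access is not checked here.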



different uid per host or perhaps something else

2005-09-17 Thread Alexander Kabanov
Hi,

would like to solve the following problem, any opinion is appreciated:

I have a bundle apache - mod_jk - tomcat working and virtual hosts
properly configured, everything is nice, but with a few small issues.
In addition to this configuration - each virtual host represents
different users which don't trust each other.

1. as a user1 I'm able to get to what's in the user2 home directory
(if file exec perm is allowed), here is how:

tomcat is running with security manager enabled, in catalina.policy add
something like this:

// each vhost's code is limited to its own tree; note that "execute" is granted
grant codeBase "file:/path/vhost1/-" {
  permission java.io.FilePermission "/path/vhost1/-", "read,write,delete,execute";
};

grant codeBase "file:/path/vhost2/-" {
  permission java.io.FilePermission "/path/vhost2/-", "read,write,delete,execute";
};

this policy prevents opening anything that is outside of /path/vhostN,
but it allows you to create a shell script and execute commands under
the server uid, and because the uid is allowed to access any user
directory you potentially can get something from there. it's easy to
solve, don't give users exec permission, but I would like to allow them
to execute what they want somehow

question: is there a way, before executing an external process, to
switch to a different uid (something similar to apache suexec, or
perhaps something like uid per host)?

2. for each vhost /manager context is created (inside host name=vhost)
with its own users database and so on. when one deploys his
applications they belong to the server uid (files owner), from #1 it
means that anyone who is able to execute a shell script and get into
your directory can delete or alter your applications

question: is it possible to change files owner when you deploy an
application or when it's auto deployed (one way is - chmod +s
/path/user/webappsdir, but it allows user to have more than readonly on
apps files, it doesn't prevent cases described in #1)

it's not dangerous when you don't give permission to execute external processes

thanks

--alex
