The following reply was made to PR general/985; it has been noted by GNATS.
From: Marc Slemko <[EMAIL PROTECTED]>
To: Chris <[EMAIL PROTECTED]>
Subject: Re: general/985: suggestion: check permissions via os-userbase
Date: Mon, 11 Aug 1997 12:00:22 -0600 (MDT)

On Mon, 11 Aug 1997, Chris wrote:

> hi!
>
> > Synopsis: suggestion: check permissions via os-userbase
>
> > It is far more complicated than you make out to do so.
>
> i hope you're wrong... :)

We have looked at this quite closely.

> > You then need to trust your web server with root and
> > Apache would have to run as root. That isn't acceptable.
>
> it's absolutely no doubt that the httpd shouldn't run as root, but
> the httpd just had to start an instance of itself with the uid and
> password given by the user - no need to run as root. this works with
> a shell with uid != 0 -> call of su -> shell with uid == 0 - so why
> shouldn't that work for apache as well? :)

Erm... you don't understand the way Apache works. We can't just start a process as any user we want. We have to be root. To know what uid to start it as, we have to start serving the request. That means we have to start serving the request as root.

With persistent connections, there can be more than one request per connection. How are we supposed to switch uids in the middle of a connection? We also don't create a new process for each request to begin with, since that is horribly inefficient.

Apache is a tad more complex than su. Or are you trying to claim that Apache should run su?

The fact is that things are a _lot_ more complicated than you make out. Saying "you should just be able to do x" is fine, but the problem is that it isn't that easy to actually do.

[...]

> oh, btw, IIS and as i've heard CERN both support this feature... but i
> like apache quite much and i really dislike the idea to go back to CERN
> again...

Many programs support many features. Hey, there is one web server that defaults to running all CGIs as root and makes it very difficult to change that. That doesn't mean it is a good idea.

If you want to implement this, go ahead. I am simply saying that it is not something we will likely be considering in the near future because it can not be done safely.
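
The constraint this reply describes, as an added example that is not part of the original message and is not Apache code: a process that is not root cannot become another user, and one that has given up root with `setuid()` cannot change identity again for the next request on the same connection. The helper name `switch_twice` and the uid 65534 are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not Apache code): in a forked child, become `first`,
 * then try to become `second`, as a worker would have to do between two
 * requests on one persistent connection.
 * Returns 0 if both switches succeed, errno if the first one fails,
 * 128 + errno if the second one fails, -1 if fork/wait itself fails.
 * The fork keeps the caller's own credentials untouched. */
int switch_twice(uid_t first, uid_t second)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (setuid(first) != 0)
            _exit(errno & 0x7f);
        if (setuid(second) != 0)
            _exit(128 + (errno & 0x7f));
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    uid_t me = getuid();
    /* Constructed sample uid: any account other than the caller's. */
    uid_t other = (me == 0) ? 65534 : me + 1;

    /* Keeping the current identity is always permitted. */
    printf("self -> self:          %d\n", switch_twice(me, me));

    /* Started without root: the first switch is refused.
     * Started as root: the first switch works but is one-way, so the
     * switch back is refused. Either way the result is non-zero. */
    printf("self -> other -> self: %d\n", switch_twice(other, me));
    return 0;
}
```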
