https://issues.apache.org/bugzilla/show_bug.cgi?id=48808
Summary: mod_authz_owner support for POSIX access control lists
Product: Apache httpd-2
Version: 2.3-HEAD
Platform: PC
OS/Version: Linux
Status: NEW
Severity: enhancement
Priority: P2
Component: Other Modules
AssignedTo: [email protected]
ReportedBy: [email protected]
This is an enhancement request for the mod_authz_owner module to support
posix acls, enabling fine-grained, filesystem-based authorization.
Currently it only respects the primary owner and group of files.
Many Unix-like systems support posix acls, including Linux, BSD and
Solaris. OSX and Windows have similar features, but these might be more
difficult and/or less useful to interface with. Linux would be the
preferred platform for a pilot implementation.
>From my perspective, the primary usecase is a file download system, where
Apache provides the HTTP access method in parallel with others, such as
shell/ ssh/scp and Samba for CIFS/SMB, to access the same set of files.
Authentication is based on LDAP (both in Apache, Samba and nsswitch).
Currently, access control happens in three places: 1) Apache .htaccess
and/or Directory/Location directives in the config, 2) Samba's additional
user/group directives in smb.conf, and 3) file/dir ownership. Keeping
the access control purely in the filesystem (with POSIX ACLs) would avoid
the fragmentation and difficulty of maintenance, as long as the access-
providing applications (Apache, Samba, etc) support it.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
