Adam Megacz wrote:
>> 2) Apache's mod_suexec already has a tiny, separately frob-able program 
>> called suexec.  I modified it quite easily to add some security stuff on 
>> fyodor, and I believe we could do the same on mire.
>>     
>
> This will probably work, as long as the dynamic content is executed in
> a process fork()ed by apache, not in the actual apache process itself.
> Just a warning, though, it's going to be ugly -- for example, how will
> that script decide which user's keytab to load?  Also, we need some
> way for that script to surrender whatever permissions allowed it to
> access /etc/keytabs/ before it invokes the untrusted user's script.
>   

This is just a way of doing keytab based authentication without 
requiring every user to implement his own custom version in his 
scripts.  suexec already needs to have all of the relevant user 
information to do its regular job.  The first thing (approximately) that 
the suexec process does is become the owning user, and we'd probably 
want to read the keytab file after the switch, just in case.

>> 3) mod_php has a similar suexec-style wrapper, similarly tiny and easy 
>> to add code to.  (And I've done this on fyodor, too.)
>>     
>
> Can you point me to the documentation on this?  I thought mod_php ran
> in the Apache process just like mod_perl.
>   

Right, sorry.  I should have said mod_suphp, or whatever the name of 
that module is.

>> I think we want Mailman data stored on user AFS volumes, too, for quota 
>> purposes.  However, the privileges should be easier, as we can grant a 
>> system Mailman user access to the volumes, while giving users read 
>> access.  Thoughts on this?
>>     
>
> I don't know that much about how mailman works, but I assume that its
> web-based portion needs to be running with privileges greater than
> system:anyuser in order to process subscribe/unsubscribe/etc.
>
> If so, this is sorta blocked on getting Apache dynamic content
> working; we'll need to deal with that first.
>   

Since the Mailman web interface will run on deleuze, where we've been 
planning to do without suexec and keep all processes in a PAG with 
credentials maintained by kstart, I don't think it depends on that.

_______________________________________________
HCoop-SysAdmin mailing list
[email protected]
http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
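
The ordering described in the reply above (become the owning user first, then read the keytab), as an added example that is not part of the original message and is not suexec's own code. `drop_to_user` and `open_user_keytab` are hypothetical helper names, and the keytab being a private regular file owned by the target user is an assumption.

```c
/* Added example: hypothetical helpers, not taken from suexec. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently become uid/gid. Order matters: groups, then gid, then uid. */
int drop_to_user(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return -1;                      /* never run user content as root */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;                      /* shed root's supplementary groups */
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;                      /* root came back: drop was not permanent */
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

/* Open the keytab after the switch. Returns an fd, or -1 unless the path is
 * a regular file (no symlink) owned by uid with no group/other access. */
int open_user_keytab(const char *path, uid_t uid)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_uid != uid || (st.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
        close(fd);
        return -1;
    }
    return fd;  /* O_CLOEXEC: the fd is not inherited by the exec'd user script */
}

int main(int argc, char **argv)
{
    int fd = argc > 1 ? open_user_keytab(argv[1], getuid()) : -1;
    printf("keytab %s\n", fd >= 0 ? "accepted" : "rejected");
    return fd >= 0 ? 0 : 1;
}
```

Checking ownership and mode with `fstat` on the already-open descriptor, rather than `stat` on the path, avoids a race between the check and the read.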