Adam Chlipala <[EMAIL PROTECTED]> writes:

>> Is this actually a goal?
>
> We want to be able to calculate bandwidth usage by virtual host,

Ah, good to know this.  Ok, processing the logs would be the easiest
way to do this... although there are other alternatives such as
mod_bandwidth.

>> I don't care about the policy angle, but technically it opens a
>> whole new can of worms.  Apache runs with the user's tokens -- how
>> is it going to write to the logfile if the user can't write to it?
>
> That may be true with mod_waklog, but it's not true with the old
> suexec approach.  Apache opens all log files as root when it starts
> up.  These file descriptors are inherited where needed by "trusted"
> child processes, but the separate processes spawned with suexec
> don't get/need access to them.
>
> Does waklog change the picture in some way that would prevent this
> from working?

Mod_waklog doesn't change it, but putting logfiles in AFS does.  UNIX
only does permission checks on open(), whereas AFS does permission
checks on fsync() and close().  In other words, if you open a file,
drop your tokens, and then try to write to it the next fsync() or the
close() will fail.  (BTW, there are very good reasons for this
behavior, involving the possibility of writing your own "renegade"
implementation of the AFS client).

A good heuristic to keep in mind is that, from AFS's perspective,
Apache *is* the user and nobody else during the processing of an HTTP
request.  So Apache cannot do anything to AFS that the user could not
do, which makes reasoning about security easier and less error-prone.
This is why some red flags went up for me when I saw discussion about
Apache manipulating things in AFS that users cannot manipulate --
that's not going to be easy to achieve, if it can be achieved at all.

BTW, it's good that we're discussing this.  It looks like, until
recently, no single person understood both the motivation [for] and
feasibility of the plan.  Hopefully now we all have a somewhat clearer
picture of both.

 - a

--
PGP/GPG: 5C9F F366 C9CF 2145 E770 B1B8 EFB1 462D A146 C380
_______________________________________________
HCoop-SysAdmin mailing list
[email protected]
http://hcoop.net/cgi-bin/mailman/listinfo/hcoop-sysadmin
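
The open()-time versus fsync()/close()-time check discussed in the message above, as an added example that is not part of the original message or of Apache/mod_waklog. The function names and the temp-file path are hypothetical; it runs against a local POSIX filesystem only, so the AFS failure itself is not exercised, only the error handling a log writer would need for it.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* for mkstemp(), fchmod(), fsync() */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Append one line through an already-open descriptor and commit it.
 * Returns 0, or the errno of the first failing call. The message says AFS
 * checks permissions at fsync()/close(), so those results are checked too. */
int append_and_commit(int fd, const char *line)
{
    size_t len = strlen(line);
    ssize_t n = write(fd, line, len);
    if (n < 0) return errno;
    if ((size_t)n != len) return EIO;            /* short write */
    if (fsync(fd) < 0) { int e = errno; close(fd); return e; }
    if (close(fd) < 0) return errno;
    return 0;
}

/* Local-filesystem half of the comparison: open first, revoke access, then
 * write through the old descriptor. *reopen_errno gets the result of a
 * fresh open() attempted after the revocation (0 if it succeeded). */
int demo_open_time_check(int *reopen_errno)
{
    char path[] = "/tmp/afs-log-demo-XXXXXX";    /* constructed temp file */
    int fd = mkstemp(path);                      /* created with mode 0600 */
    if (fd < 0) return errno;
    if (fchmod(fd, 0) < 0) { int e = errno; close(fd); unlink(path); return e; }
    int fd2 = open(path, O_WRONLY | O_APPEND);   /* permission check happens here */
    *reopen_errno = (fd2 < 0) ? errno : 0;
    if (fd2 >= 0) close(fd2);
    int rc = append_and_commit(fd, "constructed log line\n");
    unlink(path);
    return rc;
}

int main(void)
{
    int re = 0, rc = demo_open_time_check(&re);
    printf("old fd: %s\n", rc ? strerror(rc) : "write+fsync+close ok");
    printf("fresh open(): %s\n", re ? strerror(re) : "ok");
    return rc;
}
```

Run as an unprivileged user on a local filesystem, the old descriptor commits successfully while the fresh open() is refused; a log writer that ignores the fsync() and close() results would miss the failure the message describes for AFS.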
