>If a servlet is loaded from the zone /home/bob will it have the same
>restrictions as user bob? If so, how can I set that up?
Only if you run a separate JVM for each servlet zone. Each JVM takes
something like 10-30MB just sitting around doing nothing.
>Is there a way to set this up to restrict a user's servlets to accessing
>only the user's home directory? The alice.properties file below seems
>to indicate that she can load servlets from anywhere.
Yes, that's the case.
>
>> In alice.properties:
>>
>> repositories=/home/bob/servlets
>> repositories=/home/bob/java/alice-classes.jar
>> servlet.foo.code=gov.ornl.alice.foo
>> servlet.foo.initArgs=foobar=3
>
>What about write access? Can Alice use her servlets to write anywhere or
>can that just be restricted to her directory?
She can write anywhere that the JVM can write. The JVM runs under the same
UID as Apache. If the JVM is run as say, user "nobody", then alice has the
same permissions as "nobody".
To get around this, you could:
A. write a basic security manager--not hard for JDK1.1 if you're not too
paranoid. But writing secure java code is a hassle, because, for instance,
you have to make sure people can't extend packages that you want to keep
closed.
B. use separate JVMs launched in manual mode for each user -- this is,
IMHO, the only reasonably safe solution for paranoid folks, because it is
the only solution that uses the OS's protections.
I haven't actually ever implemented solution B, but I think you'd need to
set up separate virtual hosts for each user so that you could specify a
separate ApJServProperties file for each user. (After writing the following
example, I (again) realized that the best way to do this is to give each
developer their own private Apache webserver running on the developer's
assigned port, rather than mess with virtual hosts and a centralized admin.)
For this example, you would create a directory hierarchy for each user such
as the following:

    $HOME/www            all the stuff for the virtual host and jserv setup
    $HOME/www/conf       config files for the virtual host and for jserv
    $HOME/www/servlets   the user's servlets are stored here
    $HOME/www/log        log files, such as jserv.log

In httpd.conf you'd turn on manual mode:

    ApJServManual on

and for each virtual host you'd have something like:

    <VirtualHost IPNUMBER>
      ServerName www.user.DOMAIN
      DocumentRoot /home/USER/www/htdocs
      <IfModule mod_jserv.c>
        ApJServDefaultPort PORT
        ApJServMount /servlets ajpv11://localhost:PORT/USER
        ApJServProperties /home/USER/www/conf/jserv.properties
      </IfModule>
      <Location /servlets/*>
        allow from all
      </Location>
    </VirtualHost>

where IPNUMBER is replaced with the hosting machine's IP number and DOMAIN
is replaced with your domain name, e.g., ornl.gov for the original poster.
Then USER is replaced with the user name and PORT is replaced with the port
which JServ will use, e.g., 8008, 8009, etc., where each user is assigned
a unique port number.
In each user's /home/USER/www/conf/jserv.properties the port property would
be set to the corresponding port for that user. Something like

    port=PORT
    ...
    zones=USER
    USER.properties=/home/USER/www/conf/jserv.USER.properties

Now, the only remaining thing to do is add a script that launches the JVM
for each user. The simplest is to let each user start up their own jserv by
placing a jserv startup script in (say) /usr/local/bin/jserv, for instance:

    #!/bin/bash
    # Per-user JServ launcher: the JVM runs under the UID of whoever starts it.
    properties=$HOME/www/conf/jserv.properties
    log=$HOME/www/log/jserv.log
    CLASSPATH=$CLASSPATH:/usr/local/jserv/lib/Apache-JServ.jar
    CLASSPATH=$CLASSPATH:/usr/local/java/jsdk/lib/jsdk.jar
    # CLASSPATH=$CLASSPATH:...additional shared classes...
    export CLASSPATH    # the java process only sees exported variables
    java org.apache.jserv.JServ "$properties" 2>> "$log"

Yet another approach is to have completely separate web servers running for
each user on a non-privileged port. This is probably the ideal solution
because:
1. You have, in one single step, decentralized the administration.
2. You don't have to figure out how to run jserv in manual mode for each
user and all the mess described above.
Point (1) is the most useful because when a developer has changed something
and JServ/Apache are not behaving he can just do "apachectl restart" and
doesn't have to restart everyone's server or bug the sysadmin. Actually,
this is how I test things before integrating them into my runtime system.
Basically, you just build apache with a --prefix for $HOME/user/apache
instead of the default /usr/local/apache, then you change the PORT from 80
to the user's assigned port, e.g., 4000 or 8000, or 1345, or whatever above
1023. Then you just follow the regular config instructions for JServ/Apache
except you store all the files under the user's home directory and remember
to use a unique port number for each user's Apache/JServ communication.
-- Ari Halberstadt mailto:[EMAIL PROTECTED] <http://www.magiccookie.com/>
PGP public key available at <http://www.magiccookie.com/pgpkey.txt>
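
The per-user layout in the message above only isolates users if every user has a distinct, non-privileged port and a jserv.properties that other accounts cannot modify. The audit script below is an added example, not part of the original post; it assumes the BASE/USER/www/conf/jserv.properties layout from the message, and the function names and finding labels are made up for illustration.

```bash
#!/bin/bash
# Added example (not from the original post): audit the per-user JServ layout.
# Assumes each user's config lives at BASE/USER/www/conf/jserv.properties.

# Print the numeric value of the first "port=" line, or nothing if absent/non-numeric.
jserv_port() {
    sed -n 's/^[[:space:]]*port[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" | head -n 1
}

# audit_jserv BASE: print one finding per line; return 1 if anything was found.
audit_jserv() {
    local base=$1 findings=0 seen="" f user port
    for f in "$base"/*/www/conf/jserv.properties; do
        [ -f "$f" ] || continue
        user=${f#"$base"/}; user=${user%%/*}
        port=$(jserv_port "$f")
        if [ -z "$port" ]; then
            echo "NOPORT $user"; findings=1; continue
        fi
        if [ "$port" -le 1023 ]; then
            echo "PRIVILEGED $user $port"; findings=1
        fi
        case " $seen " in
            *" $port "*) echo "DUPLICATE $user $port"; findings=1 ;;
            *) seen="$seen $port" ;;
        esac
        # A group- or world-writable config lets another account repoint the zone.
        if [ -n "$(find "$f" \( -perm -020 -o -perm -002 \))" ]; then
            echo "WRITABLE $user $f"; findings=1
        fi
    done
    return $findings
}

# Usage: pass the directory that holds the home directories, e.g. /home
if [ "$#" -gt 0 ]; then audit_jserv "$1"; fi
```
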