Hi, We would like to have an autoindex-like file serving functionality of apache web server that avoids usage of .htaccess file, but uses filesystem's ACLs instead. Moreover we don't want to require wwwrun to be allowed in every file/dir ACLs.
For authentication we'd use e.g. mod_auth_external + pwauth. Our aim is access checking: - check whether a requested file is downloadable by the given user - check whether the given user has access to the directory - check which files are visible to the given user when listing a directory content (e.g. via autoindex module) So far readonly functionality is enough. To achieve this, we have been thinking about writing a modification of autoindex.c which forks a child executing a newly written tool which _becomes_ the authenticated user and lists directory content. File open check and file content read would be done by this tool as well. (I still don't know where to modify/hook into file download and how to cache forking.) I'm curious why such a feature is not yet already implemented. I don't stick to autoindex, we just need a similar functionality over http. Does anybody know any existing solution for this, or a better idea how to make it? We appreciate any comments on this. Peter
