Re: AW: Run external RewriteMap program as non-root
On 03/05/2015 02:51 PM, Plüm, Rüdiger, Vodafone Group wrote: -Ursprüngliche Nachricht- Von: Jan Kaluža [mailto:jkal...@redhat.com] Gesendet: Donnerstag, 5. März 2015 14:08 An: dev@httpd.apache.org Betreff: Re: Run external RewriteMap program as non-root On 03/05/2015 12:53 PM, Yann Ylavic wrote: On Thu, Mar 5, 2015 at 12:08 PM, Jan Kaluža wrote: On 03/05/2015 07:55 AM, Jan Kaluža wrote: 3. Execute it where it is now (post_config), but set user/group using apr_procattr_t. So far I think this would duplicate the code of mod_unixd and would probably have to also handle the windows equivalent of that module (if there's any). I've been thinking about this one more and with introduction of third argument to RewriteMap, it could be possible with patch similar to attached one. You can do "RewriteMap MapName prg:/path user:group" with the patch. This could be even backported to 2.4.x. I'm fine with this one too (unix only?). Still thinking about good RewriteMap syntax to pass "password" for Windows. But If people don't mind, having this unix only is also solution :). The password issue for Windows was also on my mind :-). Having it in cleartext in the config seems ugly. So Unix only should be fine at least for the start. Committed in r1664565. Thanks all for discussion. Regards Rüdiger Regards, Jan Kaluza
AW: Run external RewriteMap program as non-root
> -Ursprüngliche Nachricht- > Von: Jan Kaluža [mailto:jkal...@redhat.com] > Gesendet: Donnerstag, 5. März 2015 14:08 > An: dev@httpd.apache.org > Betreff: Re: Run external RewriteMap program as non-root > > On 03/05/2015 12:53 PM, Yann Ylavic wrote: > > On Thu, Mar 5, 2015 at 12:08 PM, Jan Kaluža > wrote: > >> On 03/05/2015 07:55 AM, Jan Kaluža wrote: > >>> > >>> 3. Execute it where it is now (post_config), but set user/group > using > >>> apr_procattr_t. So far I think this would duplicate the code of > >>> mod_unixd and would probably have to also handle the windows > equivalent > >>> of that module (if there's any). > >> > >> > >> I've been thinking about this one more and with introduction of third > >> argument to RewriteMap, it could be possible with patch similar to > attached > >> one. > >> > >> You can do "RewriteMap MapName prg:/path user:group" with the patch. > >> > >> This could be even backported to 2.4.x. > > > > I'm fine with this one too (unix only?). > > Still thinking about good RewriteMap syntax to pass "password" for > Windows. But If people don't mind, having this unix only is also > solution :). > The password issue for Windows was also on my mind :-). Having it in cleartext in the config seems ugly. So Unix only should be fine at least for the start. Regards Rüdiger