On Friday 17 August 2007 11:42:45 Ady Wicaksono wrote: > You can use Apache - Suexec to drop prvileges > I don't know if Tomcat also has this feature too
We did check that. Tomcat runs within the JVM context and JVM itself starts up with the www-data user acct , so tomcat can never do what I want it to. (We are also planning additional JVM security restrictions being implemented) We did consider Apache+suexec+php/perl. Apache can suexec since it starts up as root and drops privileges to nobody or www-data. Regards Anand > > On 8/16/07, Anand Vaidya <[EMAIL PROTECTED]> wrote: > > I am looking for some ideas on what is the best way to provide a web > > interface > > to end-users UNIX home-dirs. Details below: > > > > - Few thousand users, access linux machines via shell and manipulate > > files the > > usual way (cp, rm, mkdir etc) > > > > - Need to provide a web-interface to perform similar functions. > > > > - Tomcat will runs as www-data:www-data user (low privileges) > > > > Unfortunately, user files are owned by user:user and tomcat runs as > > www-data:www-data so , tomcat/apache cannot read/write user dirs. > > > > I am thinking of writing a C app running as root that will listen on a > > localhost socket for "commands" from the web UI and just execute it > > (after necessary checks, dropping down privileges etc) > > > > Are there any ways to manipulate autofs etc? > > > > Are there any better ideas? > > > > Regards > > Anand > > > > _______________________________________________ > > Slugnet mailing list > > [email protected] > > http://www.lugs.org.sg/mailman/listinfo/slugnet _______________________________________________ Slugnet mailing list [email protected] http://www.lugs.org.sg/mailman/listinfo/slugnet
