Anand Vaidya wrote:
I am looking for some ideas on what is the best way to provide a web interface to end-users' UNIX home-dirs. Details below:

Have you considered WebDAV?

Although not exactly a Web interface in the sense you are talking about, it is supported by built-in clients for Windows Explorer, Macintosh Finder and Gnome/Nautilus (which IMHO is better than a web interface).

- Few thousand users, access linux machines via shell and manipulate files the usual way (cp, rm, mkdir etc)

- Need to provide a web-interface to perform similar functions.
- Tomcat will run as www-data:www-data user (low privileges)

Unfortunately, user files are owned by user:user and tomcat runs as www-data:www-data, so tomcat/apache cannot read/write user dirs.

Have you considered having user files owned by different UNIX users? It can be done in a nice way with things like LDAP and PAM.

We have a patchset that adds privilege separation to Apache (although only v1.3 at the moment) to allow a WebDAV setup that gives read/write access to files and directories owned by the individual unix users via DAV with the native File browser of your OS (Mac/Windows/Linux). This is normally hard to do with plain Apache DAV as you are restricted to having all of the files owned by a single user to allow write access securely.

See http://oss.metaparadigm.com/apache-privsep/

I am thinking of writing a C app running as root that will listen on a localhost socket for "commands" from the web UI and just execute it (after necessary checks, dropping down privileges etc)

Ya. Our patchset for Apache does this exact thing over a unix socket. It does it in a secure way by cryptographically signing a token during authentication that has to be passed and verified in successive requests to the process running as root.

Are there any ways to manipulate autofs etc?

Are there any better ideas?

Regards
Anand

_______________________________________________
Slugnet mailing list
[email protected]
http://www.lugs.org.sg/mailman/listinfo/slugnet
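
The signed-token check described in the reply above, as an added example that is not part of the original post and is not the apache-privsep code. It assumes an HMAC-SHA256 token over the username and an expiry time, with a key shared between the authenticating front end and the helper running as root; every name here is hypothetical.

```python
import hashlib
import hmac
import time

# Assumption: a random key known only to the front end and the root helper.
# Constructed sample value; a real key would come from os.urandom(32).
KEY = b"constructed-sample-key-not-for-use"
TOKEN_LIFETIME = 300  # seconds a token stays valid after authentication


def _mac(key, payload):
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def issue_token(key, username, now=None):
    """Front end: called once, after the user has authenticated."""
    expiry = int(now if now is not None else time.time()) + TOKEN_LIFETIME
    payload = f"{username}:{expiry}"
    return f"{payload}:{_mac(key, payload)}"


def verify_token(key, token, now=None):
    """Root helper: return the username the token vouches for, or None."""
    try:
        payload, mac = token.rsplit(":", 1)
        username, expiry_text = payload.rsplit(":", 1)
        expiry = int(expiry_text)
    except ValueError:
        return None  # malformed token
    # MAC is checked over the bytes as received, compared in constant time.
    if not hmac.compare_digest(mac.encode(), _mac(key, payload).encode()):
        return None  # forged or altered
    if expiry < (now if now is not None else time.time()):
        return None  # expired
    return username


def authorize(key, token, requested_user, now=None):
    """Helper-side gate: act only as the user the token was issued for."""
    user = verify_token(key, token, now)
    return user is not None and user == requested_user
```

The helper would call `authorize` on every request received over the socket, before dropping privileges to the requested user and touching any file.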

