I've changed something in suPHP on my needs and think that it would be
useful to others.

I did patch that allows users to be authorized to use suphp with pam.
It allows, first, build list of users allowed to run php scripts
(using pam).

Second (actually it was purpose of writing whis patch ;-)), it allows
you to configure suphp in per-user manner, using for example
/etc/security/chroot.conf, limits.conf and so on. It also may
introduce specific environment.

In my configuration I've used suphp to run users scripts (those in
/~user) and some of users are chroot'ed using pam, so this is why i've
wrote it.

It also introduces new configuration parameter pam_service which is
empty by default, meaning no pam routines called.

sample PAM config (/etc/pam.d/suphp)

account required pam_unix.so
auth required pam_permit.so
#for example you may introduce specific environment
#auth       required     pam_env.so envfile=/etc/default/locale
#this is about chroots
session required pam_chroot.so use_groups

Although it calls pam_open_session, I haven't found way to call

PS I've took suphp from debian etch.


Attachment: suphp_pam.diff.gz
Description: GNU Zip compressed data

suPHP mailing list

Reply via email to