On Thu, 26 Jul 2007 10:52:17 pm [EMAIL PROTECTED] wrote:
> Hi,
>
> > If I switch suPHP_UserGroup CDA+%{USER} staff
> >
> > in suPHP_UserGroup CDA+j.rautureau staff
> >
> > There is no problem. The script is correctly executed by
> > CDA+j.rautureau.
> >
> > All I would like is to make it dynamic... you see?
>
> That causes a hell of a lot of trouble. Your configuration file is parsed when
> the Apache server process starts.
This is true.
> SuPHP is then readily configured and knows the user ids it has to switch to.
However, I believe the mechanism that both suphp and suexec use to switch
groups is a setuid root executable that is called with the arguments for the
username to use.
> But you are trying to make this depend on the request itself.
As suphp and suexec do. This is why you can't do the user switching with
mod_php: Apache has already dropped privileges.
> So to serve the request you first would have to know the contents of that
> request. Obviously that can't work right away.
This much is true. You'd have to hack away at suphp in order to change what
it's doing. Be careful though: if you make a mistake then it's an easy
exploit waiting to happen.
> You'd have to serve the request as a privileged user account and then drop
> privileges and switch to the desired user id in the process of serving that
> request. As far as I know that isn't supported by suPHP.
Like I said, that's what suphp does. You just need to change what it's doing to
populate the username parameter it passes to the suphp script.
>
> Olli
>
>
> _______________________________________________
> suPHP mailing list
> [email protected]
> http://lists.marsching.biz/mailman/listinfo/suphp
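
The reply above warns that a setuid wrapper taking its username from the request is easy to get wrong. As an added example (not suPHP's code and not from this thread), these are checks such a wrapper could apply before switching users; the function names and the MIN_UID/MIN_GID thresholds are assumptions made for illustration.

```c
/* Added example: checks before a setuid-root wrapper switches to a request-derived user. */
#define _DEFAULT_SOURCE 1
#include <ctype.h>
#include <grp.h>
#include <pwd.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
#define MIN_UID 1000 /* assumption: lowest uid allowed to run scripts */
#define MIN_GID 100  /* assumption: lowest gid allowed to run scripts */

/* Allowlist: letters, digits and . _ - + (covers names like "CDA+j.rautureau"). */
int username_ok(const char *name) {
    size_t n = name ? strlen(name) : 0;
    if (n == 0 || n > 64 || name[0] == '-' || name[0] == '.') return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && !strchr("._-+", c)) return 0;
    }
    return 1;
}

/* Never switch to root or to system accounts and groups. */
int ids_allowed(uid_t uid, gid_t gid) { return uid >= MIN_UID && gid >= MIN_GID; }

/* Resolve a request-derived name; 0 on success, -1 if it is rejected or unknown. */
int resolve_target(const char *name, uid_t *uid, gid_t *gid) {
    struct passwd *pw;
    if (!username_ok(name) || (pw = getpwnam(name)) == NULL) return -1;
    if (!ids_allowed(pw->pw_uid, pw->pw_gid)) return -1;
    *uid = pw->pw_uid; *gid = pw->pw_gid;
    return 0;
}

/* Drop order matters: supplementary groups, then gid, then uid; check every call. */
int drop_to(const char *name, uid_t uid, gid_t gid) {
    if (initgroups(name, gid) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (setuid(0) == 0) return -1; /* regaining root must fail after the drop */
    return 0;
}

int main(int argc, char **argv) {
    uid_t u; gid_t g;
    if (argc != 2 || resolve_target(argv[1], &u, &g) != 0) return 1;
    if (geteuid() == 0 && drop_to(argv[1], u, g) != 0) return 1;
    return 0; /* the script interpreter would be exec'd from here */
}
```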