If I understand what you say, it's possible I just have to modify the sources of SuPHP?
But I don't really know the C programming to tempt something on the sources... The service will be available on an intranet, and not on the internet. So the problem of security is not my priority for the moment. All I Want, is not to have 526 apache VirutalHost. One virtualHost witch is use the right user would be perfect,... Thank you -----Message d'origine----- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] De la part de Richard Salts Envoyé : vendredi 27 juillet 2007 01:26 À : [email protected] Objet : Re: [suPHP] suPHP_UserGroup dynamic ? is it possible ? On Thu, 26 Jul 2007 10:52:17 pm [EMAIL PROTECTED] wrote: > Hi, > > > If I switch suPHP_UserGroup CDA+%{USER} staff > > > > in suPHP_UserGroup CDA+j.rautureau staff > > > > There is no problem. The script is correctly executed by > > CDA+j.rautureau. > > > > All I would like is to make in dynamic...you see ? > > That causes a hell lot of trouble. Your configuration file is parsed when > the apache server process starts. This is true. > SuPHP is then readily configured and knows the user ids it has to switch to. However, I believe the mechanism that both suphp and suexec use to switch groups is a setuid root executable that is called with the arguments for the username to use. > But you are trying to make this depend on the request itself. As suphp and suexec do. This is why you can't do the user switching with mod_php, apache has already dropped privileges. > So to serve the request you first would have to know the contents of that > request. Obviously that can't work right away. This much is true. You'd have to hack away at suphp in order to change what it's doing. Be careful though, if you make a mistake then it's an easy exploit waiting to happen. > You'd have to serve the request as a privileged user account and then drop > privileges and switch to the desired user id in the process of serving that > request. As far as I know that isn't supported by suPHP. Like I said that's what suphp does. You just need to change what it's doing to populate the username parameter it passes to the suphp script. > > Olli > > > _______________________________________________ > suPHP mailing list > [email protected] > http://lists.marsching.biz/mailman/listinfo/suphp _______________________________________________ suPHP mailing list [email protected] http://lists.marsching.biz/mailman/listinfo/suphp _______________________________________________ suPHP mailing list [email protected] http://lists.marsching.biz/mailman/listinfo/suphp
