So, I've I got it right the patch should cover the following: . A User/Group that is allowed to own everything. Probably, this should be set at compile time for integrity and enhaced security. . An optional diective (server side), which can be turned off at compile time, to permit those files owned by the shared user ONLY to RUN as the shared user.
This shouldn't be that hard to add to suPHP. If I have time this weekend, I'll submit the corresponding patch. On Mon, Mar 8, 2010 at 8:55 AM, Dave Ingram <[email protected]> wrote: > Jani Ollikainen wrote: > > On 06/03/10 20:08, Conor Clafferty wrote: > > > e.g. /usr/share/mysharedfolder should be allowed to be executed by any > of my users but not writeable. > > > That sounds a feature that I would also appreciate. Now as I cannot even > use symlinks to do that my only option has been to copy the files to > everyone. > > But how that would be easiest to implement? One thing comes to my mind > that is having a configuration setting of the owner whose files everyone > can run. Like: > > shared_user=username > > Then every file that is owner by username would be allowed to run by > the users. Then in my configuration I could use symlinks to > /usr/share/mysharedfolder. > > This would add some checks to permissions checks but shouldn't slow > it down much. > > So who wants to implement that? (Or some better way of doing it:) > > > I've implemented something similar -- the patch is at > https://lists.marsching.com/pipermail/suphp/2009-September/002209.html > > The basics are that it allows you to turn off user checks and rely on group > checks instead. It should also be possible to modify it to handle a > "trusted" set of users/groups. If you want, I can probably knock that > together tonight. > > > Dave > > _______________________________________________ > suPHP mailing list > [email protected] > https://lists.marsching.com/mailman/listinfo/suphp > > -- Ricardo I. Vieitez Estudiante secundario [email protected] Página web personal: msl37.org Bitácora: blog.msl37.org _______________________________________________ suPHP mailing list [email protected] https://lists.marsching.com/mailman/listinfo/suphp
