H:Server Mode 2002/02/24
Server mode is a mode in which httpd reads the `http port' (default 80) directly. The merit is:
If you don't execute httpd in server mode, it is invoked by listen, and httpd is executed as user none. If writing is required, the file must be writable by none. If the file server is shared by many persons, that may cause a problem.
Let web be a user, not a real user but a virtual user. If httpd can run as user web, we can keep security even if the file server is shared by many persons. If user alice wants /usr/alice/web/doc/data to be read or written only by alice and httpd, then change /adm/users to:
    alice:alice:web
    web::
and register user web to your authentication server. User alice permits web to write to the files that need to be written by httpd. Say,
    cpu% chmod 664 /usr/alice/web/doc/somedata
    cpu% ls -l
    --rw-rw-r-- alice web ... /usr/alice/web/doc/somedata
a-rw-rw-r-- otherwise save the file to venti for safety.
Therefore /usr/alice/web/doc/somedata will be protected if no user can become web except httpd.
Note that this simple method is acceptable only with Pegasus, because under any httpd other than Pegasus, another person's CGI can also write /usr/alice/web/doc/somedata.
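The permission scheme above, as an added example that is not part of the original page or of Pegasus: a small Python audit that reads Plan 9 `ls -l` lines and reports which of alice, web and none can write each file. The listing lines, the MEMBERS table and the access model (write is granted if any applicable class grants it) are assumptions made for the illustration.

```python
# Added example: who can write each file under a simplified Plan 9
# owner/group/other model. All listing lines and MEMBERS are constructed.
SAMPLE_LS = """\
--rw-rw-r-- M 8 alice web 512 Feb 24 2002 /usr/alice/web/doc/somedata
--rw-rw-rw- M 8 alice alice 512 Feb 24 2002 /usr/alice/web/doc/guestbook
a-rw-rw-r-- M 8 alice web 2048 Feb 24 2002 /usr/alice/web/doc/log
--rw-r--r-- M 8 alice alice 100 Feb 24 2002 /usr/alice/web/doc/index.html
"""
MEMBERS = {}                    # assumed: no members beyond the group's own name
PRINCIPALS = ["alice", "web", "none"]

def parse(line):
    """Split one `ls -l` line: mode, type, dev, owner, group, size, date, name."""
    f = line.split()
    mode = f[0]
    if len(f) < 6 or len(mode) != 11:
        raise ValueError("unexpected ls -l line: %r" % line)
    return {"name": f[-1], "owner": f[3], "group": f[4],
            "append_only": mode[0] == "a", "perm": mode[2:]}

def in_group(user, group):
    return user == group or user in MEMBERS.get(group, ())

def can_write(user, e):
    """Assumed model: write is granted if any class that applies grants it."""
    p = e["perm"]
    return (p[7] == "w"
            or (user == e["owner"] and p[1] == "w")
            or (in_group(user, e["group"]) and p[4] == "w"))

def audit(listing, principals=PRINCIPALS):
    """Return {name: {"writers": [...], "append_only": bool, "open_to_none": bool}}."""
    report = {}
    for line in listing.splitlines():
        if not line.strip():
            continue
        e = parse(line)
        writers = [u for u in principals if can_write(u, e)]
        report[e["name"]] = {"writers": writers,
                             "append_only": e["append_only"],
                             "open_to_none": "none" in writers}
    return report

if __name__ == "__main__":
    for name, r in audit(SAMPLE_LS).items():
        flag = "  <-- writable by none" if r["open_to_none"] else ""
        print(name, r["writers"], "append-only" if r["append_only"] else "", flag)
```

The 666 file is the case the page warns about when httpd runs as none: every user on the shared file server can write it, while the 664 alice/web file is writable only by alice and web.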
web -u that makes httpd run as user who invoked Pegasus. none?web by:
    auth/login web
and run httpd.
How to do this in automatic execution?
mon is provided for this purpose.
This tool also resolves some security problems described below.
httpd and replace it by another one. none cannot kill other none's process in Plan9 4ed.
Pegasus httpd does not allow mount by CGI except under option -m.
However httpd running as web can kill httpd.
Mon is provided for this case. Don't run mon as user web, because the fact that mon is not owned by web is what protects it against CGI.