H:Server Mode 2002/02/24
Server mode is a mode in which httpd reads the `http port' (default 80) directly. The merit is:
If you don't execute httpd in server mode, then it is invoked by listen. Httpd will then be executed as user none. If writing is required, the file must be writable by none. If the file server is shared by many persons, that may cause a problem.
Let web be a user, not a real user but a virtual user. If httpd can run as user web, we can keep security even if the file server is shared by many persons. If user alice wants /usr/alice/web/doc/data to be read or written only by alice and httpd, then change /adm/users to:
alice:alice:web web::
and register user web to your authentication server. User alice permits web to write to the files that httpd needs to write. Say,
cpu% chmod 664 /usr/alice/web/doc/somedata
cpu% ls -l
--rw-rw-r-- alice web ... /usr/alice/web/doc/somedata
a-rw-rw-r--
otherwise save the file to venti for safety.
Therefore /usr/alice/web/doc/somedata will be protected if no user except httpd can become web.
Note that this simple method is acceptable only with Pegasus, because with an httpd other than Pegasus, another person's CGI can also write /usr/alice/web/doc/somedata.
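The following Python sketch is an added example, not part of Pegasus or of the original page. It audits a listing to confirm that only alice and web can write the files httpd must write, using the Plan 9 rule that other, owner and group bits are OR-ed together. The listing format, the extra paths, the user set and the staff group are constructed for illustration.

```python
# Added example. Listing lines are a simplified, constructed form:
#   <mode> <owner> <group> <path>
LISTING = """\
--rw-rw-r-- alice web /usr/alice/web/doc/somedata
a-rw-rw-r-- alice web /usr/alice/web/doc/log
--rw-rw-rw- alice web /usr/alice/web/doc/open
--rw-rw-r-- alice staff /usr/alice/web/doc/wrong
"""
USERS = {"alice", "bob", "web", "none"}          # constructed user set
GROUPS = {"staff": {"alice", "bob"}}             # constructed membership
ALLOWED = {"alice", "web"}                       # who should be able to write


def can_write(user, mode, owner, group, groups):
    """Plan 9 style check: other, owner and group bits are OR-ed together."""
    if len(mode) != 11:
        raise ValueError("unexpected mode string: %r" % mode)
    owner_bits, group_bits, other_bits = mode[2:5], mode[5:8], mode[8:11]
    if "w" in other_bits:                        # applies to everyone, none included
        return True
    if user == owner and "w" in owner_bits:
        return True
    # A user always belongs to the group that carries their own name.
    in_group = user == group or user in groups.get(group, set())
    return in_group and "w" in group_bits


def audit(listing, users=USERS, groups=GROUPS, allowed=ALLOWED):
    """Return {path: findings} for every line of the listing."""
    report = {}
    for line in listing.strip().splitlines():
        mode, owner, group, path = line.split()
        writers = {u for u in users if can_write(u, mode, owner, group, groups)}
        report[path] = {
            "append_only": mode[0] == "a",       # leading 'a' marks append-only
            "unexpected": sorted(writers - allowed),
            "missing": sorted(allowed - writers),
        }
    return report


if __name__ == "__main__":
    for path, finding in audit(LISTING).items():
        print(path, finding)
```

A non-empty "unexpected" list means some user other than alice or web (for example none, under which CGI of an ordinary httpd runs) can modify the file.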
web
-u
that makes httpd run as user who invoked Pegasus.none
?web
by: auth/login web and run httpd.
How to do this in automatic execution? mon is provided for this purpose.
This tool also resolves some security problems described below.
httpd and replace it by another one. none cannot kill other none's process in Plan9 4ed.
Pegasus httpd does not allow mount by CGI except under option -m.
However httpd running as web can kill httpd.
Mon is provided for this case. Don't run mon as user web, because the fact that mon is not owned by web protects against CGI.