Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: auth user and exec a node app only with apache? |
|
| Author |
|
kodak
Joined: 20 Oct 2013
Posts: 2
Location: Germany, Munich
|
 Posted: Sun 20 Oct '13 19:55 Post subject: auth user and exec a node app only with apache? |
 |
|
Hi!
I couldn`t find an answer on the web and I`m trying for days now so I hope that someone with more experience with apache can help me out.
Iam writing an web editor and the user should be able to edit a file that is on the server in a directory the user has access to.
The problem Iam facing is that I need to authenticate against the system users (shadow/passwd).
So the user should be able to login whith a system account and then the node app which does all the logic should be started with the users rights.
I hope to get this working without any additional script and only with Apache.
I found out two things:
1. I can use mod_auth_pam to authenticate the user
2. There is a mod called suEXEC which can exec the node app with a specified user
The problem is that I have to hard code which user is used by suEXEC but I want to decide when the user logs in.
Is there any way to authenticate a user against the shadow/passwd and then exec a prog with the users rights?
I dont want to run the node app as root and the user should only be able to access his own files.
Any help would be appreciated!
Thanks,
Kodak |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Mon 21 Oct '13 11:04 Post subject: |
|
|
| I know there is mod_auth_pam but I have never used it. |
|
| Back to top |
|
kodak
Joined: 20 Oct 2013
Posts: 2
Location: Germany, Munich
|
| Posted: Mon 21 Oct '13 13:20 Post subject: |
|
|
Yes, but mod_auth_pam only authenticates the user against the system users and I would like to run a file with that particular user.
Hmmm I think I have to use suEXEC and an additional perl script with PAM module...
Edit: I think its possible with suEXEC and home directories like http://localhost/~user1/myscript.cgi
And then it should be executed as user1... any ideas how to configure this? |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7371
Location: Germany, Next to Hamburg
|
| Posted: Tue 22 Oct '13 12:24 Post subject: |
|
|
Use SuexecUserGroup in the vhost config
| Code: |
SuexecUserGroup user groupname
|
Suexec clears all user environment variables, so SetEnv is useless in case of a cgi-bin scripts which requires some env to be set. |
|
| Back to top |
|
|
|
|
|
|
