[9fans] authenticating local server
Hi,
I have a file server which posts a file descriptor in /srv
the idea is that this will be run from cpurc so httpd can
mount it.
In my naive implementation the server runs as bootes so it
has different access to files to the httpd which normally runs
as none.
I can just call becomenone() in the start of the server but is
there a better (but not too complex) way to do this using the
username presented to attach so my server gets the appropriate
permissions no matter who mounts it.
-Steve
Re: [9fans] authenticating local server
since nobody well qualified has answered this, i'll go out on a limb
and answer at the risk of unleashing somebody's wrath :)
the question is confusing to me and i'm guessing at what you are trying
to do. you could authenticate the user, launch a httpd for
that user and redirect the user to it. I believe this is how pegasus
works. then your fs on /srv could require authentication.
> Hi,
>
> I have a file server which posts a file descriptor in /srv
> the idea is that this will be run from cpurc so httpd can
> mount it.
>
> In my naive implementation the server runs as bootes so it
> has different access to files to the httpd which normally runs
> as none.
>
> I can just call becomenone() in the start of the server but is
> there a better (but not too complex) way to do this using the
> username presented to attach so my server gets the appropriate
> permissions no matter who mounts it.
>
> -Steve
Re: [9fans] authenticating local server
> I have a file server which posts a file descriptor in /srv
> the idea is that this will be run from cpurc so httpd can
> mount it.
>
> In my naive implementation the server runs as bootes so it
> has different access to files to the httpd which normally runs
> as none.
>
> I can just call becomenone() in the start of the server but is
> there a better (but not too complex) way to do this using the
> username presented to attach so my server gets the appropriate
> permissions no matter who mounts it.
the short answer is no.
the longer answer involves subverting the authentication
system via speaksfor and /dev/caphash.
russ