Download Shareware and Freeware Software for Windows, Linux, Macintosh, PDA

line Home  |  About Us  |  Link To Us  |  FAQ  |  Contact

Serving Software Downloads in 976 Categories, Downloaded 29.543.593 Times

mod_become 1.03

  Date Added: June 26, 2010  |  Visits: 681


Report Broken Link
Printer Friendly Version

Product Homepage
Download (86 downloads)

mod_become module enables the web server to take on the access rights of a user & group, so that ~users can make available files to the web without having to make them readable by the world on the local file system. This can be useful for sites with a large number of users who want to apply file access controls among themselves. This module can also be applied to virtual hosts, directories, and locations. When the server is configured with "User root" (see Security), then this module will behave as though the directive "MaxRequestsPerChild 1" were set for the server and "KeepAlive off" were set for the server and every virtual host where a mod_become directive appears, which essentially limits the server and those virtual hosts to HTTP/1.0 behaviour. Therefore, for each request, this module will setuid() and setgid() the process handling the request based on one of the policies outlined below. Once the request is completed, the process will terminate. The parent server will be responsible for spawning a new child process to handle any future requests. The source can be compiled to use seteuid() and setegid() instead of setuid() and setgid() (see the top of the Makefile), but is NOT the default. Use of seteuid() and setegid() can improve preformance by avoiding the need to kill the Apache child process between requests, but it DOES have significant security issues. For example modules like mod_php or mod_perl that provide APIs to seteuid() and setegid(), could be used to become root user once again and do what ever they want. Essentially any module that is part of the Apache process space could revert to root user if they make use of seteuid() and setegid(). It is recommended that within mod_php, mod_perl, and other language modules that these APIs be disabled. CGIs that are launched as a separate process by Apache should, in theory, be safe, since the effective user and group ID become the real user and group ID of the child process and therefore cannot revert back to root (if I understand things correctly). Configuration The commands below can be added to the general Apache configuration file, httpd.conf. User id Context: global, < VirtualHost > This is not part of mod_become, but is used to enable or disable mod_becomes behaviour, since mod_become can only function when "User root" is specified for the main server configuration. You need to compile Apache with -DBIG_SECURITY_HOLE in order to do this. Become user id Become group id Context: server, < VirtualHost >, < Directory >, < Location > Specify the user or group to be used by default. When the BecomePolicy is user-group, then these will always be used. If the main server configuration fails to set the default user and group, then an error 503 Service Unavailable and a error log entry may occur should these values be required. BecomePolicy policy Context: global, < VirtualHost >, < Directory >, < Location > Specify the policy used to set the user & group ids of the child process: file The user & group of the requested file are used. Not recommend. user-group The default user & group specified are used. This is similar in behaviour to the Apache core directives User and Group. This is the default policy. document-root The user & group of the servers or virtual hosts document root is used. parent-directory The user & group of the requests parent directory is used. When the request corresponds to a directory, then it is used instead of its parent. BecomeRoot boolean Context: global, < VirtualHost >, < Directory >, < Location > When true, mod_become will allow the process to operate as root user or group; otherwise a 403 Forbidden error and a error log entry will occur if the process attempts to become root user or group. By default this is set false.. View web pages or mail as spoken by the Swedish Chef.

Requirements: No special requirements
Platforms: Linux
Keyword: Group Http Internet Mod Modbecome Process Root User Server Used User Virtualhost
Users rating: 0/10

License: Shareware Size: 23.55 KB
More Reviews or Write Review

Network & Internet  -  mod_auth_samba 1.0
mod_auth_sanba is an Apache module that allows you use Windows user database for user password authentication and ndbm database for groups in WWW authentication. Configuration: The following directives have been added which you can put in a <...
8.19 KB  
Utilities  -  chngpwd 1.0.0
chngpwd is a secure wrapper to change user passwords another user in a PAM-enabled system. chngpwds main use is as a wrapper for other interfaces to communicate with the user (e.g., Web interface). It was build with security in mind, so there...
16.38 KB  
Security Tools  -  passwd_info 0.1
passwd_info is a simple program that can query the /etc/passwd file for current user or specified user. USAGE: passwd_info [username] Sample: #include #include #include #include ...
Network & Internet  -  qPloneEditorGroup 0.2
qPloneEditorGroup is a product which adds new Editors user group and new Editor role. qPloneEditorGroup product adds new Editors user group and new Editor role. Website manager is able to add Editors via Plone Control Panel. Editors can edit all...
4.1 KB  
Modules  -  Admin HTTP Referers Mod 0.21b 1.0
With this Mod, administrator can analize the Http Referers to the forum
Network & Internet  -  Mod_Authz_Unixgroup 1.0.0
If you are having users authenticate with real Unix login ID over the net, using something like my mod_authnz_external / pwauth combination, and you want to do access control based on unix group membership, then mod_authz_unixgroup is exactly what...
102.4 KB  
Libraries  -  VP Toolkit 0.3.50
VP Toolkit is an Internet client/server C++ library, with support for object threads, stream based socket I/O, a multi-threaded server socket framework, a multi-process fault tolerant server framework, XML, HTTP, etc. VP Toolkit software is now...
174.08 KB  
Network & Internet  -  mod_diffprivs RC3
mod_diffprivs makes Apache configurable to work as diffrent user/group and chroot env. for each VirtualServer and for ~user request. Designed mostly for ISP to make Apache secure. This is a core directive in mod_diffprivs. It takes one, two or...
19.46 KB  
Network Monitors  -  Internet Connection Counter 7.5
This program displays various statistics about your Dial-up, GPRS, ADSL, LAN and so forth (TCP/IP) connections to the Internet. It can process almost all variety of tariff schemes, which are used by ISPs of different countries (money expenses for...
909.79 KB  
Network & Internet  -  mod_verify 1.4
mod_verify Apache module is a ownership & permission verification for Apache 1.3. This module is intended to verify ownership and permissions of directories and files within a web sites hierarchy without having to use setuid() and setgid(), ie....
18.43 KB  
Linux Software  -  wpCache WordPress HTTP Cache 1.1
wpCache is a high-performance, distributed object, caching system application, generic in nature, but intended for use in speeding up dynamic web applications, by decreasing database load time. wpCache decreases dramatically the page and the...
2.85 MB  
Linux Software  -  Edraw Max for Linux 8
An all-inclusive diagramming software for OS X that is capable for 260+ drawing types including flowcharts, mind maps, org charts, infographics, floor plans, AWS network diagrams, Gantt charts, electrical schematics... and that is just the...
229.07 MB  
Linux Software  -  Polling Autodialer Software 3.4
ICTBroadcast Auto Dialer software has a survey campaign for telephone surveys and polls. This auto dialer software automatically dials a list of numbers and asks them a set of questions that they can respond to, by using their telephone keypad....
488 B  
Linux Software  -  Total Video Converter Mac Free 3.5.5
Total Video Converter Mac Free developed by EffectMatrix Ltd is the official legal version of Total Video Converter which was a globally recognized brand since 2006. Total Video Converter Mac Free is a free but powerful all-in-one video...
17.7 MB  
Linux Software  -  Skeith mod_log_sql Analyzer 2.10beta2
Skeith is a php based front end for analyzing logs for Apache using mod_log_sql.
47.5 KB  
Network & Internet  -  Hide ALL IP Portable Version 2016.12.24
Hide ALL IP is the worlds best IP hide software, hide all your applications and games IP from snoopers & hackers, allows you to surf anonymously, prevent identity theft, and guard against hacker intrusions, all just need a click. Your IP...
5.39 MB  
Network & Internet  -  Ssh Tunnel Easy Portable Version
Ssh Tunnel Easy is an innovative ssh tunneling software, it can make an encrypted ssh tunnel between your machine and ssh server host, then tunnel your program TCP connection automatically through this encrypted tunnel to data forwarded. It help...
3.04 MB  
Network & Internet  -  Super Network Tunnel
Super Network Tunnel is a professional http tunnel solution,include client/server,it equal SocksCap+Bidirectional Http Tunnel +Remote Control. Normally used in building a network tunnel between the home and office computer,it's alias name is...
4.12 MB  
Network & Internet  -  Super Network Tunnel Portable Version
Super Network Tunnel is a professional http tunnel solution,include client/server,it equal SocksCap+Bidirectional Http Tunnel +Remote Control. Normally used in building a network tunnel between the home and office computer,it's alias name is...
3.8 MB  
Network & Internet  -  Free WiFi Hotspot 3.3.1
Free WiFi Hotspot is a super easy solution to turn your laptop or notebook into a portable Wi-Fi hotspot, wirelessly sharing your internet connections like DSL, Cable, Bluetooth, Mobile Broadband Card, Dial-Up, etc. through the built-in wireless...
1.04 MB