documentation:mod_rsbac
Releases
Current version
Git/Latestdiff: 1.5.6
Latest Snapshots
Produced after each commit or rebase to new upstream version
GIT
RSBAC source code, can be unstable sometimes
Events
No events planned
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
|
documentation:mod_rsbac [2006/02/04 11:52] ao Add CGI |
documentation:mod_rsbac [2006/05/02 15:40] 127.0.0.1 (old revision restored) |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Apache RSBAC module ====== | ====== Apache RSBAC module ====== | ||
| + | |||
| ===== General ===== | ===== General ===== | ||
| Line 6: | Line 7: | ||
| The target is to have completely separated virtual domains (or directories) without the overhead of forking new processes and/or executing a helper program like suexec. As long as a worker process serves for one virtual server, it cannot access anything from another virtual server. | The target is to have completely separated virtual domains (or directories) without the overhead of forking new processes and/or executing a helper program like suexec. As long as a worker process serves for one virtual server, it cannot access anything from another virtual server. | ||
| - | We have two basic roles, Master and Worker-Main, and one role per virtual server. The Master role has ASSIGN right to Worker-Main and all virtual domain roles. Worker-Main is compatible with all virtual domain roles. The data of each virtual server has its own type, which can only be accessed by its own role and not by Worker-Main or Master. | + | We have two basic roles, Master and Worker-Main, and one role per virtual server. The Master role has ASSIGN right to Worker-Main and all virtual domain roles. Worker-Main is compatible with all virtual domain roles. The data area of each virtual server has its own type, which can only be accessed by this virtual server's role and not by Worker-Main or Master. |
| ===== Behaviour ===== | ===== Behaviour ===== | ||
| - | The Apache master process, which accepts connections, runs with role Master. This can e.g. be set as initial role on the httpd binary. The Worker-Main role is assigned to the Apache user (e.g. www-run). When a worker process gets forked from the master process, it calls setuid(www-run) and thus gets the Worker-Main role as current role. | + | The Apache master process, which accepts connections, runs with role Master. This can e.g. be set as initial role on the httpd binary. The Worker-Main role is assigned to the Apache user (e.g. www-run). When a worker process gets forked from the master process, it calls setuid(www-run) and thus gets the Worker-Main role as current role. Alternatively, the worker process can actively change from Master to Worker-Main, if set as compatible role. |
| Whenever a new connection comes in, the Master process selects an idle worker process, assigns the Worker-Main role to it and hands over the connection. The worker process reads the request, actively changes its current role to the correct virtual domain role and serves the requested pages. As it cannot change back to Worker-Main by itself, there is no way to access another virtual domain without help of the master process. | Whenever a new connection comes in, the Master process selects an idle worker process, assigns the Worker-Main role to it and hands over the connection. The worker process reads the request, actively changes its current role to the correct virtual domain role and serves the requested pages. As it cannot change back to Worker-Main by itself, there is no way to access another virtual domain without help of the master process. | ||
| Line 25: | Line 26: | ||
| Each virtual domain can have a directory for CGIs with a force_role setting for another role per virtual domain, so that CGIs have different access rights. | Each virtual domain can have a directory for CGIs with a force_role setting for another role per virtual domain, so that CGIs have different access rights. | ||
| - | |||
documentation/mod_rsbac.txt · Last modified: 2006/11/27 18:48 by kang