Pagina 1 van 1
apache-itk-mpm & mod_perl
Geplaatst: 02 jul 2011, 21:11
door Ofloo
Code: Selecteer alles
UserDir disabled
<IfModule perl_module>
<Perl>
use strict;
use warnings;
my $min_uid = "1000";
my $max_uid = "65000";
my $min_gid = "1000";
my $max_gid = "65000";
my @userdir = ("disabled");
print "UserDir @userdir\n";
print "UserDir public_html\n";
open (PASSWD, "/etc/passwd") || die "Couldn't open passwd file";
while (<PASSWD>) {
my @passwd = split (":", $_, 7);
if ($max_uid >= $passwd[3] && $passwd[2] >= $min_uid && $max_gid >= $passwd[3] && $passwd[3] >= $min_gid) {
open (GROUP, "/etc/group") || die "Couldn't open group file";
while (<GROUP>) {
my @group = split (":", $_, 4);
if ($passwd[3] == $group[2]) {
print qq {
<Directory "/home/$passwd[0]/public_html">
AssignUserID $passwd[0] $group[0]
AllowOverride FileInfo AuthConfig Limit Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
<Limit GET POST OPTIONS>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>
<Directory "/home/$passwd[0]/public_html/cgi-bin">
AssignUserID $passwd[0] $group[0]
AllowOverride None
Options +ExecCGI
<Limit GET POST OPTIONS>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS>
Order deny,allow
Deny from all
</LimitExcept>
AddHandler cgi-script .cgi
</Directory>
};
}
}
close GROUP
} else {
push (my @userdir, $passwd[0]);
}
}
print qq {
UserDir @userdir
};
close PASSWD
</Perl>
</IfModule>
Tja ben niet zo goed in perl, is trouwens men eerste script, werkt wel maar niet zoals verwacht, ...
Wat ik wens te doen is dynamische config van apache webserver, .. iemand die een stukje sample code kan voorzien van mod_perl met <directory> ?
Re: apache-itk-mpm & mod_perl
Geplaatst: 03 jul 2011, 21:17
door Ofloo
include:
Code: Selecteer alles
# User home directories
<IfModule !mpm_itk_module>
Include etc/apache22/extra/httpd-userdir.conf
</IfModule>
<IfModule mpm_itk_module>
AssignUserID www www
Include etc/apache22/extra/httpd-userdir-dynamic.conf
</IfModule>
ok, .. de code moet dus dit zijn, .. maar nu duikt er een ander probleem op
Code: Selecteer alles
<IfModule !perl_module>
UserDir disabled
</IfModule>
<IfModule perl_module>
UserDir public_html
<Perl>
my $min_uid = "1000";
my $max_uid = "65000";
my $min_gid = "1000";
my $max_gid = "65000";
my @userdir = ("disabled");
open (PASSWD, "/etc/passwd") || die "Couldn't open passwd file";
while (<PASSWD>) {
chomp;
next if (/^$/); # ignore null lines
next if (/^\s*#/); # ignore comment lines
my @passwd = split (":", $_, 7);
if ($max_uid >= $passwd[3] && $passwd[2] >= $min_uid && $max_gid >= $passwd[3] && $passwd[3] >= $min_gid) {
open (GROUP, "/etc/group") || die "Couldn't open group file";
while (<GROUP>) {
chomp;
next if (/^$/); # ignore null lines
next if (/^\s*#/); # ignore comment lines
my @group = split (":", $_, 4);
if ("$passwd[3]" == "$group[2]" && $passwd[3] != "") {
$Directory {"$passwd[5]/public_html"} = {
AssignUserID => "$passwd[0] $group[0]",
AllowOverride => "FileInfo AuthConfig Limit Indexes",
Options => "MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec",
Limit => {
"GET POST OPTIONS" => {
Order => "allow,deny",
Deny => "from all"
},
},
LimitExcept => {
"GET POST OPTIONS" => {
Order => "allow,deny",
Deny => "from all"
},
},
}
$Directory {"$passwd[5]/public_html/cgi-bin"} = {
AssignUserID => "$passwd[0] $group[0]",
AllowOverride => "None",
Options => "+ExecCGI",
Limit => {
"GET POST OPTIONS" => {
Order => "allow,deny",
Deny => "from all"
},
},
LimitExcept => {
"GET POST OPTIONS" => {
Order => "allow,deny",
Deny => "from all"
},
},
AddHandler => "cgi-script .cgi",
}
}
}
close GROUP;
} else {
push (@userdir, $passwd[0]);
}
}
$UserDir = "@userdir";
close PASSWD;
</Perl>
</IfModule>
log:
[Sun Jul 03 19:15:29 2011] [error] [client 212.71.19.x] client denied by server configuration: /home/x/public_html
[Sun Jul 03 19:15:29 2011] [warn] (itkmpm: pid=81003 uid=x, gid=x) itk_post_perdir_config(): setgid(80): Operation not permitted
[Sun Jul 03 19:15:29 2011] [warn] Couldn't set uid/gid/priority, closing connection.
Re: apache-itk-mpm & mod_perl
Geplaatst: 04 jul 2011, 00:05
door Ofloo
Volgens mij is het probleem het script niet maar de moment van setgid, .. het zit in een subthread en niet in de main thread die de sub threads spawned, .. wat op zich normaal is, .. want als ik zelfs de apache webserver naar uid root zet heeft het hetzelfde probleem, .. het is gewoon een beperking van mpm-itk ..dus eigenlijk zou ik met mod_perl een thread hoger moeten kunnen gaan of iets dergelijks.