mod_privileges for Apache 2.2

I committed mod_privileges to Apache HTTPD trunk late last year, so it’s available to users of trunk.  Since we have yet to release an alpha 2.3 (let alone a beta or stable 2.4) version, that’s a limited audience.

I’ve now hacked up a simple patch to enable it to be run with Apache 2.2 (prefork MPM).  You can safely apply the patch whether or not you use mod_privileges, and I’ve proposed it for backport so it may become standard in future 2.2 releases.  The module itself will remain separate, but may be bundled in future releases of Sun’s webstack.

Links:

Posted on February 4, 2009, in apache, opensolaris, solaris. Bookmark the permalink. 9 Comments.

  1. Thanks Nick you have just made my life much easier.

  2. Cal, great, your feedback as a tester/early user will be much appreciated.

    You have presumably read the discussion of security in the manual page?

  3. will it work on freebsd 7.1? they have all the support there for the required solaris features…

  4. I haven’t tried it on FreeBSD, but if you have then why not tell us about it? A comment here, for example.

  5. ok i’ll try it soon

  6. eh, unfortunately, freebsd priv.h is a different thing…

    Dear niq, is such a module possible for freebsd?

  7. Bill Wolber Jr.

    Mr. Kew:

    My name is Bill Wolber. I am a SysAdmin at what used to be PUCC (Purdue University Computing Center, now re-named to ITaP, Information Technology at Purdue — like most organizations, we have been through re-org hell and renaming since I’ve been here.)

    I’m mainly a Solaris SysAdmin, only an occasional ‘C’ programmer (unfortunately.) So, I am not as well versed in this whole Open Source development cycle as I would like. In particular, I have been having considerable trouble getting your mod_privileges module to work in Apache 2.2.11. I apply your patch, but configuration fails. I’ve tried generating configure scripts from the Apache 2.3 tree; that does not play with Apache 2.2.11. I’ve tried hacking the configure script myself, but I get ap_unixd_config undefined errors. The problem seems to be the dependency on mod_unixd. (I checked out the arch/unix directory with subversion to get mod_unixd, and replaced that mod_priviliges.c with the 2.2 version.) I have experimented with Apache 2.3, and gotten mod_privileges to run, but that’s not a production version, of course. So, I’m wondering, how do you get this to work?

    If this is the wrong place to ask, I apologize for the bad netiquette. Just point me elsewhere. Thanks.

  8. How did you try to compile for 2.2? You should use the apxs from your installed 2.2 version, to get all the right build environment and options.

    Anyway, I need to revisit the 2.2 version, and update it in line with improvements in trunk. Now you’ve prompted me, I’ll do that, and reconfirm that it builds.

  9. Bill Wolber Jr.

    I did use apxs at first (should have stayed with it.) I kept getting
    Invalid groupid for VHostGroup:
    errors. Got into gdb and discovered that the code checks for a ‘0’ uid after the gid is returned. You guessed it — I set VHostGroup before VHostUser in httpd.conf, and switching the order fixes it.

    I am told by my officemate that this is known behavior for Apache — but I have not found it mentioned on the Apache site or in the O’Reilly books.

    Sorry I barked at the wrong tree. Glad to hear you are working on this again. Thanks for your reply.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: