Bug 48808 - mod_authz_owner support for POSIX access control lists
Summary: mod_authz_owner support for POSIX access control lists
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_authz_owner
Version: 2.5-HEAD
Hardware: PC Linux
Importance: P2 enhancement
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-02-24 12:21 UTC by Sven Ulland
Modified: 2014-09-29 16:10 UTC

Description Sven Ulland 2010-02-24 12:21:51 UTC
This is an enhancement request for the mod_authz_owner module to support
POSIX ACLs, enabling fine-grained, filesystem-based authorization.
Currently it only respects the primary owner and group of files.

Many Unix-like systems support POSIX ACLs, including Linux, BSD and
Solaris. OSX and Windows have similar features, but these might be more
difficult and/or less useful to interface with. Linux would be the
preferred platform for a pilot implementation.

From my perspective, the primary use case is a file download system, where
Apache provides the HTTP access method in parallel with others, such as
shell/ssh/scp and Samba for CIFS/SMB, to access the same set of files.
Authentication is based on LDAP (both in Apache, Samba and nsswitch).
Currently, access control happens in three places: 1) Apache .htaccess
and/or Directory/Location directives in the config, 2) Samba's additional
user/group directives in smb.conf, and 3) file/dir ownership. Keeping
the access control purely in the filesystem (with POSIX ACLs) would avoid
the fragmentation and difficulty of maintenance, as long as the
access-providing applications (Apache, Samba, etc.) support it.
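
An added illustration, not part of the original report and not httpd or mod_authz_owner code: the POSIX.1e access-check order that an ACL-aware authorization decision would have to follow, where a primary owner/group comparison sees only the first and third entries. The types, function names and the sample ACL (alice, bob, staff, audit) are constructed for this sketch and it works on an in-memory ACL rather than calling libacl.

```c
#include <stddef.h>
#include <string.h>

enum tag { USER_OBJ, USER, GROUP_OBJ, GROUP, MASK, OTHER };   /* POSIX.1e entry types */
enum { PERM_R = 4, PERM_W = 2, PERM_X = 1 };
struct ace { enum tag tag; const char *name; int perms; };    /* name set for USER/GROUP only */

/* Constructed sample, file owned by alice:staff. In getfacl notation:
 * user::rw- user:bob:rw- group::r-- group:audit:r-- mask::r-- other::--- */
static const struct ace SAMPLE[] = {
    {USER_OBJ, NULL, 6}, {USER, "bob", 6}, {GROUP_OBJ, NULL, 4},
    {GROUP, "audit", 4}, {MASK, NULL, 4}, {OTHER, NULL, 0},
};

static int in_groups(const char *g, const char *const *groups) {  /* NULL-terminated list */
    for (; *groups; groups++)
        if (strcmp(g, *groups) == 0) return 1;
    return 0;
}

/* Returns 1 if `user`, a member of `groups`, is granted every bit in `want`. */
int acl_permits(const struct ace *acl, size_t n, const char *owner, const char *owning_group,
                const char *user, const char *const *groups, int want) {
    int mask = PERM_R | PERM_W | PERM_X, other = 0, group_matched = 0;
    size_t i;
    for (i = 0; i < n; i++) {                 /* no MASK entry: nothing is filtered */
        if (acl[i].tag == MASK) mask = acl[i].perms;
        if (acl[i].tag == OTHER) other = acl[i].perms;
    }
    if (strcmp(user, owner) == 0) {           /* 1. owner entry decides, unmasked */
        for (i = 0; i < n; i++)
            if (acl[i].tag == USER_OBJ) return (acl[i].perms & want) == want;
        return 0;
    }
    for (i = 0; i < n; i++)                   /* 2. named user entry decides, masked */
        if (acl[i].tag == USER && strcmp(acl[i].name, user) == 0)
            return (acl[i].perms & mask & want) == want;
    for (i = 0; i < n; i++) {                 /* 3. any matching group entry may grant */
        const char *g = acl[i].tag == GROUP_OBJ ? owning_group
                      : acl[i].tag == GROUP ? acl[i].name : NULL;
        if (g && in_groups(g, groups)) {
            group_matched = 1;
            if ((acl[i].perms & mask & want) == want) return 1;
        }
    }
    return group_matched ? 0 : (other & want) == want;  /* 4. OTHER only if nothing matched */
}

/* Convenience wrapper over the sample ACL for a user with one group. */
int sample_permits(const char *user, const char *group, int want) {
    const char *const groups[] = { group, NULL };
    return acl_permits(SAMPLE, sizeof SAMPLE / sizeof *SAMPLE, "alice", "staff", user, groups, want);
}
```

In the sample, bob's named entry says rw- but the mask reduces it to read-only, and a user whose group matches an entry that does not grant the request is denied without falling through to `other`.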