Let's imagine for the moment that you have a directory named "secret" owned by user "legaluser" and group "legalgroup"... directory permission bits are "700" (drwx------) so only the user "legaluser" has full access to this directory while neither his group "legalgroup" nor any others can do anything with it....
You want to grant web access to this directory... so the scenario would be: some user enters a login and a password ...if they match "legaluser" and the corresponding password... access is granted...
The web server (or part of it, be it Tomcat's HTTP Connector (Coyote) or Apache HTTPd) must be running as a user that "has access" to the "secret" directory beforehand (you can't give what you don't have)...
so before thinking up a solution ...is that what you want?
a cgi script would try to "su" to be "legaluser" using credentials submitted from user and then it would navigate, read certain files in the directory or do whatever.
btw this is riddled with security holes, so you should rethink your application design!
hmm!
Do you mean that you want Tomcat to provide user authentication based on that system's /etc/passwd?
- I'm a code junkie security enthusiast
If so.. then you need to configure a JAASRealm that uses UnixLoginModule for authentication....
How? About?
plug in a matching auth database
i.e. an LDAP / PAM access module
- I'm a code junkie security enthusiast
That's what JAAS is for!
Java Authentication and Authorization
I've noticed
- I'm a code junkie security enthusiast
Can i use linux users permiss
what's this supposed to mean?
It is not clear enough
can this make a difference???
Mohammad Tag EL-Deen
ok.. i'll try to rearrange wh
Exactly
So what about the solution now?
Mohammad Tag EL-Deen
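An added example, not code from any poster in this thread: a small Java probe for the JAASRealm/UnixLoginModule suggestion above. It logs in through `com.sun.security.auth.module.UnixLoginModule` with no callback handler and prints the resulting principals, which shows that this module reports the OS account the JVM itself runs as and never asks for a name or password. The application name `SecretDirApp` and the class name are hypothetical, and a JDK on a Unix-like system is assumed.

```java
import java.security.Principal;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class UnixLoginProbe {
    // Hypothetical application name; a Tomcat JAASRealm would refer to it via appName.
    static final String APP_NAME = "SecretDirApp";

    // In-memory equivalent of this jaas.config entry:
    //   SecretDirApp { com.sun.security.auth.module.UnixLoginModule required; };
    static Configuration unixOnlyConfig() {
        AppConfigurationEntry entry = new AppConfigurationEntry(
                "com.sun.security.auth.module.UnixLoginModule",
                LoginModuleControlFlag.REQUIRED,
                Map.of());
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return APP_NAME.equals(name) ? new AppConfigurationEntry[] { entry } : null;
            }
        };
    }

    // Runs the login with no CallbackHandler: the module has nothing to prompt for.
    static Subject login() throws LoginException {
        LoginContext ctx = new LoginContext(APP_NAME, new Subject(), null, unixOnlyConfig());
        ctx.login();
        return ctx.getSubject();
    }

    public static void main(String[] args) throws LoginException {
        Subject subject = login();
        System.out.println("JVM runs as OS user: " + System.getProperty("user.name"));
        // Expect a UnixPrincipal plus numeric user/group principals for that same account.
        for (Principal p : subject.getPrincipals()) {
            System.out.println(p.getClass().getSimpleName() + " = " + p.getName());
        }
    }
}
```

Because the principals always belong to the server's own account, checking a password submitted from a web form against system accounts needs a module that actually verifies credentials, such as the LDAP / PAM modules mentioned in the thread.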