Project info for

Created 1 Nov 2007 at 02:35 UTC by presbrey.


Notes: began as a web script service in Fall 2003 in an attempt to make it easier for members of the MIT community to create and maintain dynamic websites at the institute. Presently it also supports other “script services”, namely the mail script service and the cron script service (aka the “shortjobs” service).

The web script service serves executable content out of a subdirectory of users’ AFS home directories using Apache, suexec, and a specially-modified OpenAFS kernel module.

The AFS file retrieval model presents some challenges for the web script service. It is undesirable to have users’ full account credentials (i.e., their Kerberos tickets or their AFS tokens) residing permanently on since the server system does not need this much access (and since the server system having this much access could cause problems for users if the system were to be compromised by an evildoer or script vulnerability).

The OpenAFS kernel module on has been modified to perform all operations as the authenticated AFS identity daemon.scripts. In other words, daemon.scripts’ AFS tokens are used to authenticate all operations, regardless of which user requested the operation. To prevent users’ scripts from accessing the data of other users, the OpenAFS kernel module only allows AFS operations that fairly clearly involve a user’s scripts accessing the user’s own data. Specifically, it only allows a user’s scripts to use the shared credentials to access the user’s own AFS volume. A user can therefore access their own scripts directory, but they cannot improperly access other people’s scripts directories.

The OpenAFS kernel module code that needs to perform this additional access check knows little more than the uid of the process requesting the AFS operation and the volume id of the file or directory being accessed. To simplify the check, we ensure that every user’s uid on is equal to their Athena home directory’s volume id. The AFS kernel module therefore refuses most AFS operations unless the uid of the process requesting the operation is equal to the volume id of the volume containing the data being accessed.

A few AFS operations that do not satisfy this “uid == volume id” condition are still allowed:

- If system:anyuser would be allowed to perform the operation, the operation is always allowed.
- The web server’s account on is allowed to perform any operation that requires only AFS “list” access, since Apache expects to be able to “cd” to the directory containing a script before it invokes suexec.

More detailed information.
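The access decision described above, modeled as a user-space C function. This is an added example, not the modified OpenAFS module's code; the struct, the right bits, the function name, the web server uid and the sample ids are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical right bits for this sketch (not OpenAFS's own constants). */
enum { R_READ = 1, R_LIST = 2, R_WRITE = 4 };

/* Assumed uid of the web server account; the page does not give one. */
#define WEBSERVER_UID 48u

struct afs_request {
    uint32_t caller_uid;     /* uid of the process requesting the operation */
    uint32_t volume_id;      /* volume containing the file or directory */
    unsigned rights_needed;  /* rights the operation requires */
    unsigned anyuser_rights; /* rights the ACL grants to system:anyuser */
};

/* Gate on use of the shared daemon.scripts tokens. Passing this gate only
 * means the request may go out under the shared identity; the file server
 * still applies the directory ACL to that identity. */
bool shared_token_allowed(const struct afs_request *r)
{
    /* A user's scripts touching the user's own volume (uid == volume id). */
    if (r->caller_uid == r->volume_id)
        return true;
    /* Anything system:anyuser could do is no privilege gain, so allow it. */
    if ((r->rights_needed & ~r->anyuser_rights) == 0)
        return true;
    /* The web server may list any directory (Apache cd's before suexec),
     * but nothing beyond "list". */
    if (r->caller_uid == WEBSERVER_UID && (r->rights_needed & ~R_LIST) == 0)
        return true;
    return false; /* default deny: another user's private data */
}

int main(void)
{
    /* Constructed sample: user 537001 reading user 537002's private volume. */
    struct afs_request cross = { 537001u, 537002u, R_READ, 0 };
    /* Constructed sample: the same user writing inside their own volume. */
    struct afs_request own = { 537001u, 537001u, R_WRITE, 0 };
    printf("cross-user read: %s\n", shared_token_allowed(&cross) ? "allow" : "deny");
    printf("own-volume write: %s\n", shared_token_allowed(&own) ? "allow" : "deny");
    return 0;
}
```

The order of the checks does not matter for the result, since each rule only ever grants; the property worth testing is that every path not covered by a rule falls through to the deny.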

License: GNU v2+

This project has the following developers:
