[Mono-aspnet-list] Impersonation for special pathes
Robert Jordan
robertj at gmx.net
Fri Dec 3 10:12:21 EST 2010
On 03.12.2010 15:46, mabra at manfbraun.de wrote:
> Hi !
>
> Thanks;Just not what I've expected ... :-(
> I am too new to linux programming to understand
> the big picture :-(
>
> Naturally, running apache/mod_mono as root
> is completely indiscutable.
>
> So, I'll create a helper daemon and make
> IPC to it via remoting.
Note that I did not tell you the whole truth.
If you're planning to develop an *impersonation* daemon in managed
code, then you're basically entering a world of pain ;)
Unix' setuid functions are process-wide. This means that
you can't safely implement a threaded deamon (like one that
serves as a .NET remoting server).
You may want to try setfsuid which is allegedly thread-local,
but this is pretty an "unknown territory" for the Mono runtime.
Robert
>
> Thanks anyway,
>
> br++mabra
>
> -----Original Message-----
> From: mono-aspnet-list-bounces at lists.ximian.com
> [mailto:mono-aspnet-list-bounces at lists.ximian.com] On Behalf Of Robert
> Jordan
> Sent: Friday, December 03, 2010 12:49 PM
> To: mono-aspnet-list at lists.ximian.com
> Subject: Re: [Mono-aspnet-list] Impersonation for special pathes
>
> On 02.12.2010 21:02, mabra at manfbraun.de wrote:
>> Hi All !
>>
>> To allow some system near function, I need a prived user.
>> With windows, I use imperonation in asp.net, defined
>> in the 'web.conf', under special 'location' tags.
>>
>> Is this just the same way with mono/linux [so far
>> I would currently not know any method to impersonate
>> in code].
>
> Mono does not support impersonation because it would be
> pretty limiting and insecure under Unix.
>
> Under Unix only root is permitted to impersonate. Since
> Apache workers and thus mod-mono-server (the ASP.NET host) are
> running under an unprivileged user account, impersonation
> is simply impossible. Running Apache workers as root is not
> recommended.
>
> Robert
>
> _______________________________________________
> Mono-aspnet-list mailing list
> Mono-aspnet-list at lists.ximian.com
> http://lists.ximian.com/mailman/listinfo/mono-aspnet-list
More information about the Mono-aspnet-list
mailing list