[Libwebsockets] PAM authentication for http sessions

Andy Green andy at warmcat.com
Tue Sep 4 05:28:05 CEST 2018



On 09/04/2018 11:17 AM, Necktwi Ozfguah wrote:
> Hi,
> 
> For a FileSystem operation, is it possible to set UID and GID on the 

You can tell lws to drop privileges and take on a noprivileged uid and 
gid just by setting the context creation info .uid and .gid

https://libwebsockets.org/git/libwebsockets/tree/include/libwebsockets/lws-context-vhost.h#n219-222

It implies you start your app as root.  The transition to the different 
uid + gid happens after the vhost protocol init, which allows you to 
open / create / modify things still as root in your 
LWS_CALLBACK_PROTOCOL_INIT.  This is very convenient for opening 
logfiles or whatever in directories that are only root-accessible, and 
still be able to use the fd after the privileges to do that have gone.

> process? Is there any mechanism drafted to use PAM with libwebsockets.

AFAIK I don't have any use for PAM + lws.

What would you actually use it for?

-Andy

> … NeckTwi
> 
> 
> 
> _______________________________________________
> Libwebsockets mailing list
> Libwebsockets at ml.libwebsockets.org
> https://libwebsockets.org/mailman/listinfo/libwebsockets
> 



More information about the Libwebsockets mailing list