[Libwebsockets] PAM authentication for http sessions

Necktwi Ozfguah necktwi at ferryfair.com
Tue Sep 4 05:49:12 CEST 2018



> On 04-Sep-2018, at 8:58 AM, Andy Green <andy at warmcat.com> wrote:
> 
> 
> 
> On 09/04/2018 11:17 AM, Necktwi Ozfguah wrote:
>> Hi,
>> For a FileSystem operation, is it possible to set UID and GID on the 
> 
> You can tell lws to drop privileges and take on a noprivileged uid and gid just by setting the context creation info .uid and .gid
> 
> https://u7535577.ct.sendgrid.net/wf/click?upn=S8VPHvg5-2FzxqlLfWXPq42jtl-2BHS72n8W8-2BdZEc27PklOQ6y9BK7rpJ3-2FA3UXdw1WOgE4LPYFbzySTIsKHQFirEsccPb9qcVnF2C3cwfjiNPPvayaVblHohKWzkzDsoF8QiApU1ojlQGKrAUBw8AljA-3D-3D_MVqETTsl5w9JZmVH1Sq2QE8KivBbCxWEMAI66w938-2FwvrqQiWAHgQB1aY46IxLBqar9vonnVTcA5cWTfDu-2BRqhd5K9huNhkCgax-2Fk2KSldFQV8UggoGz3SIAlcNrt0VCxVcXynrCwH3s6BLAViG5b5-2BkKdIWkRnIadKVqzkCXXI6LraNkpgKDNrN-2BaVlIavDnAal3vHYAV3C0sz30BoNTLETxI9cTT4AJkfqQEdFcLk-3D
> 
> It implies you start your app as root.  The transition to the different uid + gid happens after the vhost protocol init, which allows you to open / create / modify things still as root in your LWS_CALLBACK_PROTOCOL_INIT.  This is very convenient for opening logfiles or whatever in directories that are only root-accessible, and still be able to use the fd after the privileges to do that have gone.
> 
>> process? Is there any mechanism drafted to use PAM with libwebsockets.
> 
> AFAIK I don't have any use for PAM + lws.
> 
> What would you actually use it for?
To determine uid of the http session user. Never mind, "You can tell lws to drop privileges and take on a noprivileged uid and gid just by setting the context creation info .uid and .gid" is all I am looking for. Thank you for implementing thread pool, I shall checkout.
> 
> 
> -Andy
> 
>> … NeckTwi
>> _______________________________________________
>> Libwebsockets mailing list
>> Libwebsockets at ml.libwebsockets.org
>> https://u7535577.ct.sendgrid.net/wf/click?upn=S8VPHvg5-2FzxqlLfWXPq42jtl-2BHS72n8W8-2BdZEc27Pkm8-2BhcIKmaR9WoeTGnhmq-2Br9kYDs4T-2FMrzobihEBMVcsg-3D-3D_MVqETTsl5w9JZmVH1Sq2QE8KivBbCxWEMAI66w938-2FwvrqQiWAHgQB1aY46IxLBqar9vonnVTcA5cWTfDu-2BRqp7cciMqBxtMZKquIX1Hnc6RpSkkQVHhLHf95to3jvkV8kRCuePaHDNc9advefhPOiUHVaw0aBB3AIpL4CUnljvoAZZC34jt4aA14Hv26kro3m19fwzxKWaQuGptlXlQfSJS4viPFh27ZMz6Ix8dRBw-3D

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://libwebsockets.org/pipermail/libwebsockets/attachments/20180904/276c656d/attachment-0002.html>


More information about the Libwebsockets mailing list