[Libwebsockets] PAM authentication for http sessions

Necktwi Ozfguah necktwi at ferryfair.com
Tue Sep 4 07:25:14 CEST 2018


> On 04-Sep-2018, at 9:19 AM, Necktwi Ozfguah <necktwi at ferryfair.com> wrote:
> 
> On 04-Sep-2018, at 8:58 AM, Andy Green <andy at warmcat.com> wrote:
> 
> On 09/04/2018 11:17 AM, Necktwi Ozfguah wrote:
> 
> Hi, For a FileSystem operation, is it possible to set UID and GID on the
> 
> You can tell lws to drop privileges and take on a noprivileged uid and gid just by setting the context creation info .uid and .gid
> 
> https://u7535577.ct.sendgrid.net/wf/click?upn=S8VPHvg5-2FzxqlLfWXPq42jtl-2BHS72n8W8-2BdZEc27PklOQ6y9BK7rpJ3-2FA3UXdw1WOgE4LPYFbzySTIsKHQFirEsccPb9qcVnF2C3cwfjiNPPvayaVblHohKWzkzDsoF8QiApU1ojlQGKrAUBw8AljA-3D-3D_MVqETTsl5w9JZmVH1Sq2QE8KivBbCxWEMAI66w938-2FwvrqQiWAHgQB1aY46IxLBqy41Q0-2FnwWX425FIt2hO9U4GgHraa3GcoBcwev5XJwe5mXLyF9ZuVAwB4WFVjGmfi1VbvyFxlrcYpVhZEzBo2dbD101TPZFPpJpnZcPb0egwFSWE2eOI-2FUb-2FFd-2BJI601qFEM9K98SmTtf8M6MPfmINDMkpvK1VOW5312fLAl9W8k-3D <https://u7535577.ct.sendgrid.net/wf/click?upn=S8VPHvg5-2FzxqlLfWXPq42u7cPGghXCdGGd9Sj25ftZFcHDVj2YDVyT9b6LUfX5fnuKUjlwv25oT2-2F64zCCBCjSfHC9-2FSlUnqZwozeI25o-2FkjidU18XREyIuuNt1yrePg1VmWhLB5z5CWZOQFw-2FGj3Pw6iVOnS3XIUOn07bIddimqrEHKOj3FRS4iD8V8VsmcTbsVoVJ8wqVIjlA4o1Gw5M-2FhvqDhd8rz7ESV4bgLkq6XhHD4CSBAAL-2FSCMSGA8R7qb9SvrrxMWbmVDpuxNWfCRmS3nR-2FenBUrGPpTwQ-2Fb72SnqyLJB6GUPASzlxFVaz-2BkFhqfu1-2FKO9jwCztFyfbdL1xXDOy6MoZNDnV6dVU06bnscdUe8YhgQpDHwowm0FJIDucki9RcqcXagj1ISQzzKAH5tcBwvgA2z6qOAa0n-2BqhTyxBbC-2BzVSRwIrXyqRGJUc6oM-2BUu7988Co-2BacEz8nXmILPLEoiTHBXxbLE6xqkYgRXe9IB5Htg5iKmB-2FzzMaxGye3DoYl0xGLOCDE0u8xH463lC-2Fv8b8P2LZBeZ6gQF5jq8f-2FcJXiqRfzn9Ut0QEKt3193wDqfchZHJAhCpaZDueAqYEpikIaT5-2Bl7s-2F044FOFDnbE-2BZfDPgXN5BqknW_MVqETTsl5w9JZmVH1Sq2QE8KivBbCxWEMAI66w938-2FwvrqQiWAHgQB1aY46IxLBqy41Q0-2FnwWX425FIt2hO9U259SRAvfXOn2IQMcW5kGKKaWcfvMEjMQ6OziCsDQh-2BnvcxkjSSjjYBgSJxM9Kxm2SIBPxXdOOD5x9sF-2Fn3ike68cenA1oPhWdq8HmmRuOpbBBBwlfw-2B2wN5csyik5v5CCUGTdaKhjkJCAbZ-2By-2FIORc-3D>
> It implies you start your app as root. The transition to the different uid + gid happens after the vhost protocol init, which allows you to open / create / modify things still as root in your LWS_CALLBACK_PROTOCOL_INIT. This is very convenient for opening logfiles or whatever in directories that are only root-accessible, and still be able to use the fd after the privileges to do that have gone.
> 
> process? Is there any mechanism drafted to use PAM with libwebsockets.
> 
> AFAIK I don't have any use for PAM + lws.
> 
> What would you actually use it for?
> 
> 
I am running a hobby web server. I want my web users to use the linux login credentials. Of course lws and PAM are independent. Thank you.
> To determine uid of the http session user. Never mind, “You can tell lws to drop privileges and take on a noprivileged uid and gid just by setting the context creation info .uid and .gid” is all I am looking for. Thank you for implementing thread pool, I shall checkout.
> 
> -Andy
> … NeckTwi _____________________________________________ Libwebsockets mailing list Libwebsockets at ml.libwebsockets.org <mailto:Libwebsockets at ml.libwebsockets.org>https://u7535577.ct.sendgrid.net/wf/click?upn=S8VPHvg5-2FzxqlLfWXPq42jtl-2BHS72n8W8-2BdZEc27Pkm8-2BhcIKmaR9WoeTGnhmq-2Br9kYDs4T-2FMrzobihEBMVcsg-3D-3D_MVqETTsl5w9JZmVH1Sq2QE8KivBbCxWEMAI66w938-2FwvrqQiWAHgQB1aY46IxLBqy41Q0-2FnwWX425FIt2hO9U3L6cMWMndvdTedBYh8s7hS6WBMdOBe85aKZHVJObO-2BUPYOXnrzN9IU4Jj7zdMHZUWgofbzE4tkq88IMBvY7giCcaYSt8QcDcUox1W-2BqDDo-2BN3wyRXTxdPWgZKlQPySa1DGPrAndlP-2ByGZ4D29MTw9g-3D <https://u7535577.ct.sendgrid.net/wf/click?upn=S8VPHvg5-2FzxqlLfWXPq42u7cPGghXCdGGd9Sj25ftZFcHDVj2YDVyT9b6LUfX5fnuKUjlwv25oT2-2F64zCCBCjSfHC9-2FSlUnqZwozeI25o-2FkjidU18XREyIuuNt1yrePgv1KVyq4PpZGx7bUqYpOnksHQlyYrN206d9whpm31pcB49UPaNazrrNkz-2FndU8cww5p4WM7wWoMpE9p1mvQZAbnlLw1Z07eoaeAvDfOcqsPs8u0OMqNGkM5-2BUq4zJ061u-2BeTK9wq5qCIlLnswHXVtMHTn0YQRIC6BG04b9NVEoxumCzMMbGvgyM1-2BhdvlFCJmiSKm4SXIt3g8gZVJXulRhgPwqfFs1v6-2Bh2MyxTbMP1lIGetzcFnL-2BMJVmBTjb1yB2g5OvFXq-2Bv-2Bh7cEqQwidyV0-2BuQGidM8ufNRKKG29Pe6uiIAu9i-2BvYJnPzJkG9ijMNZl7UnWYSMxpD00aoC-2FA5pqomp9UwWDPD-2F2bqXD1-2FvkwIFDf-2B-2BDhfDduLgoGxe-2BVe46P2k8A0Hc27Fr92mAnTmRYd5wS1VXQj1o81BmwCks-3D_MVqETTsl5w9JZmVH1Sq2QE8KivBbCxWEMAI66w938-2FwvrqQiWAHgQB1aY46IxLBqy41Q0-2FnwWX425FIt2hO9U1uWUUHjqMP38WmdO1AMCnBOiP3Kr23w9Y-2Bv6cNSOGpBEaQYB3TA7qx5RB5qeBks-2BWrhPs4NJpLyWDpwHJjhXPy2lrzeIFAFUjRT6ZJPi0TXOMFUYK5yhTxR1AYDP3SA9zGaOSuuMqLFogf7rgAr98I-3D> _______________________________________________
> Libwebsockets mailing list
> Libwebsockets at ml.libwebsockets.org <mailto:Libwebsockets at ml.libwebsockets.org>
> https://u7535577.ct.sendgrid.net/wf/click?upn=S8VPHvg5-2FzxqlLfWXPq42jtl-2BHS72n8W8-2BdZEc27Pkm8-2BhcIKmaR9WoeTGnhmq-2Br9kYDs4T-2FMrzobihEBMVcsg-3D-3D_MVqETTsl5w9JZmVH1Sq2QE8KivBbCxWEMAI66w938-2FwvrqQiWAHgQB1aY46IxLBqy41Q0-2FnwWX425FIt2hO9U61XWrBu8XY6ORG7r6kMDlTNwBYLBvOhcWT21nbtJUUa7Tqw2zsPR4FvxMkXvq9DgUXqFbFI44Mvirw94jJE3-2F-2BZTyWg-2FQUTRsSGPZYos6yyTnxWiw6C6Nr-2F522c-2FvIFDnFMFrkhHCRwY1BwHIMVnDY-3D <https://u7535577.ct.sendgrid.net/wf/click?upn=S8VPHvg5-2FzxqlLfWXPq42jtl-2BHS72n8W8-2BdZEc27Pkm8-2BhcIKmaR9WoeTGnhmq-2Br9kYDs4T-2FMrzobihEBMVcsg-3D-3D_MVqETTsl5w9JZmVH1Sq2QE8KivBbCxWEMAI66w938-2FwvrqQiWAHgQB1aY46IxLBqy41Q0-2FnwWX425FIt2hO9U4DiiY0jTAuTiw4o4-2BjlFrApmGItt0V2RJWp-2FnJ1I2V1gpjEl4-2Fw77bFpkjMtOm8cX9Jt5iBEAA-2FVT7wPvCrlct8SXJQCCHC5-2BvjeVs9yCfp-2B22yHFDZ-2FOr1NZgyN9bvWbYK4hvApyxyIWIJvBOtm-2Fs-3D>

… NeckTwi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://libwebsockets.org/pipermail/libwebsockets/attachments/20180904/904ce359/attachment-0002.html>


More information about the Libwebsockets mailing list