Web applications are already widely spread nowadays. Webservers running on multi-user operating systems serve these applications under the same user and group identities for achieving the best possible performance. Conversely, the scripts executed by the webserver have equal rights irrespectively of their owners, because they are being executed with the identities of the webserver. Mostly these situations can be uncomfortable for programmers and on top of that malicious users are able to access the source code of other applications, sensitive information stored with the permissions of the webserver.
In practice the problem regarding the common user identities used for serving comes forward in no time when the number of users starts to grow, e.g.: permission for the files uploaded via the webserver must be manually corrected; these files are hard to manage, because they were created with the user id of the webserver; this also implies some problems with file system quotas; resources cannot be accounted or logged for each separate user; and other serious problems, which may seem insignificant at first sight. Since most of the web servers today follow the mentioned architecture (Apache+mod_php/mod_python/mod_ruby/etc.), many users and system administrators are facing these problems at various places including Internet service providers, educational institutes, etc.
This presentation discusses a possible method developed by the author to solve the above-mentioned problem, providing both fast and secure execution environments for web applications with a mechanism that switches user and group identities in runtime. Also describes the details the possibilities of runtime changing of user and group identities, the extension and modification of the Linux kernel, the required modifications in the Apache webserver and the Linux kernel. Also explains when the process has the permission to gain another user/group id to avoid being tricked while an Apache child process is interpreting a script of a regular user.
Finally, this method preserves the fastness of the mpm_prefork+mod_php/mod_python/etc. model, and the security provided by suexec/suphp/mpm_itk/etc. solutions.
During development some secondary products came into existence which can be used separately too:
logging the consumed CPU time of the served requests sent to the web server,
showing the currently served request in the titles of web server processes,
controlling the serving of applications according to the system load.
Finally the performance measures of the various methods and extensions are evaluated, and ideas about further development are also summarized.
The mentioned solutions were implemented under Linux operating system in C and x86 Assembly programming languages.