mod_fileownercheck checks between owner of opened r->filename and that of current r->filename at output filter phase. This module resolves TOCTOU with FollowSymlinks and checks a permission of static contensts on VirtualHost.
ref. Apache does not honor -FollowSymlinks due to TOCTOU
- Check whether matches between owner of opened r->filename and that of current r->filename
- Check whether matches between owner of opened r->filename and that of symlink (r->filename) if r->filename is symlink
- Check whether matches between owner of opened r->filename and that of r->filename cofigured by
SuexecUserGroup
apxs -c -i mod_fileownercheck.c
LoadModule fileownercheck_module modules/mod_fileownercheck.so
Set Enable Owner Check Using SuexecUserGgroup
config (On / Off default Off).
If FOCSuexecEnable On
, mod_fileowner checks between a owner of opened r->filename
and a user configured by SuexecUserGroup
.
<Directory /var/www/html/vhost/*/htdocs>
FOCSuexecEnable On
</Directory>
under the MIT License: