[OpenAFS] RE: Web server over AFS

Mathieu, Thomas J Thomas.Mathieu@pnl.gov
Fri, 15 Dec 2000 12:18:14 -0800

Hello Peter --

We run a webserver (Sun Ultra 80 class, 4 processor, currently Solaris 2.6).
Only a handful of admins have access and it has a highly secure configuration --
no telnet or ftp access, etc., other than the webserver.  It runs Apache web
services and serves pages out of our AFS space. Several logical servers are
supported -- an external server (which anyone can view at www.emsl.pnl.gov), an
internal server limited to on site access, a secure server which allows
authenticated external access to the internal only area, and a few project
specific areas.

The external web pages are maintained by a few web developers who know rules
about what can be released and what can't. The internal pages are maintained by
project web developers. CGI scripts are peer-reviewed for potential problems or
policy violations. This is strictly enforced on the external site, more loosely
enforced internally. Most file access is to databases which have secondary
controls.  Scripts aren't allowed to write to the web server or AFS space, but we
haven't extensively tested the capabilities here.

We use AFS WebSecure product from IBM/Transarc to manage the secure web access
controls.  It works in conjunction with AFS groups to control access. After
users authenticate, they can access web pages as allowed by groups in which they
are members.

No bonus points. Only one moderately loaded server taking about 1.5M hits per

Tom Mathieu (tom.mathieu@pnl.gov)
EMSL Computer Support
Battelle, Pacific Northwest National Laboratory

-----Original Message-----
From: Peter Scott [mailto:Peter.J.Scott@jpl.nasa.gov]
Sent: Thursday, December 14, 2000 6:54 PM
To: openafs-info@openafs.org; info-afs@transarc.com
Subject: Web server over AFS

Hello.  I am looking for input from anyone who has successfully run an 
institutional web server using AFS and provided users the ability to create 
web interfaces to persistent data.  The hard part is ensuring that customer 
CGI programs are the only processes allowed to modify that data and that 
no-one else with an AFS account can get at it through CGI programs in their 
own directory.  Non-AFS systems solve this with setuid, which is not 
available on AFS.  I am talking about a centralized web server which is 
administered by AFS admins, no user access allowed to local disk space.

We have a couple of theoretical solutions already, so I really want to 
constrain the answers to solutions that have been proven in 
practice.  Bonus points if yours works with load balancing or round-robin 
type web server multiplexing.  Thanks in advance.
Peter Scott