On Sun, 03-10-2010 at 09:45 +0100, Juan J. Martínez wrote:
> On Sun, 03-10-2010 at 09:36 +0100, Juan J. Martínez wrote:
> > [...]
> >
> > Another solution would be to set the suid flag in the CGI spawn-fcgi, and
> > chown the file to the user/group you want to use to run it. In that way
> > Cherokee should be able to execute the file with the right user without
> > being root.
>
> Sorry, I was talking in theory :). In practice, it won't work if your
> spawn-fcgi is a shell script.

OK, thinking about it... I wrote a simple tool to accomplish that: run
whatever you want from a suid program, so you can spawn the fast-cgi stuff
as a different user than the one running Cherokee.

It was very easy to do, but quite insecure (it allows any user to run
anything as the target user), so I added a simple ACL so you can limit the
commands to be executed and the users allowed to do so. And I stopped
there, because I don't want to reimplement SUDO!

If someone wants to play with it:

http://www.usebox.net/jjm/suidexec/

Some people asked for suEXEC support in Cherokee, this might do the trick,
but obviously without any kind of warranty ;)

It's been roughly tested and any comment is welcome.

Cheers,

Juanjo

-- 
jjm's home: http://www.usebox.net/jjm/
blackshell: http://blackshell.usebox.net/
ramble on: http://rambleon.usebox.net/
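
The kind of ACL check a setuid wrapper like the one described above has to pass before it calls exec, as an added example that is not part of the original message and is not suidexec's code. The `user:/absolute/path` rule format, the function name `acl_allows` and the sample rules are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical ACL format (an assumption, not suidexec's): one rule per
 * line, "user:/absolute/path/to/command"; lines starting with '#' are
 * comments. `user` is the calling user's name, which the wrapper would
 * resolve from the real uid. Default deny: returns 1 only when one rule
 * matches both the user and the command path exactly. */
int acl_allows(const char *acl, const char *user, const char *cmd)
{
    /* Only absolute paths: PATH lookup must never decide what runs
     * as the target user. */
    if (!acl || !user || !cmd || cmd[0] != '/')
        return 0;
    /* An empty name or one containing ':' cannot be a valid rule key. */
    if (user[0] == '\0' || strchr(user, ':') != NULL)
        return 0;

    size_t ulen = strlen(user), clen = strlen(cmd);
    const char *line = acl;
    while (*line) {
        const char *end = strchr(line, '\n');
        size_t len = end ? (size_t)(end - line) : strlen(line);
        /* Compare against the whole line so that neither a user prefix
         * nor a command prefix or suffix can match. */
        if (line[0] != '#' && len == ulen + 1 + clen &&
            memcmp(line, user, ulen) == 0 && line[ulen] == ':' &&
            memcmp(line + ulen + 1, cmd, clen) == 0)
            return 1;
        line += len;
        if (*line == '\n')
            line++;
    }
    return 0;
}

/* Constructed sample ACL, not taken from any real configuration. */
static const char SAMPLE_ACL[] =
    "# user:command\n"
    "cherokee:/usr/bin/spawn-fcgi\n"
    "www-data:/usr/bin/php-cgi\n";

int main(void)
{
    printf("%d\n", acl_allows(SAMPLE_ACL, "cherokee", "/usr/bin/spawn-fcgi"));
    printf("%d\n", acl_allows(SAMPLE_ACL, "cherokee", "/usr/bin/php-cgi"));
    printf("%d\n", acl_allows(SAMPLE_ACL, "cherokee", "spawn-fcgi"));
    return 0;
}
```

A real wrapper would also need to reset the environment and close inherited file descriptors before exec; this block covers only the allow/deny decision.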
