On Thu, 29 Nov 2012 23:03:08 +0200
Eugen Konkov <kes-...@yandex.ru> wrote:
> Здравствуйте, Steve.
> SOHS> The only problem with this is it will allow apache to
> SOHS> do anything with ipfw including flush all of the rules. I would
> SOHS> suggest having apache dumping the parameters of the command to
> SOHS> be run into a queue of some kind (named pipe perhaps or a file
> SOHS> based queue if it's important to survive shutdowns) and have a
> SOHS> process reading the queue, sanity checking the parameters and
> SOHS> then executing the appropriate command.
>
> maybe:
> apache host=(root) NOPASSWD: /my/script/add_table.pl
> apache host=(root) NOPASSWD: /my/script/del_table.pl
>
> this will restrict apache to run only add/del tasks with table.
> what do you think?
That also works. I have a slight preference for queue based approaches
but that's just me really.
--
Steve O'Hara-Smith <st...@sohara.org>
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
