On Thu, 29 Nov 2012 23:03:08 +0200 Eugen Konkov <kes-...@yandex.ru> wrote:
> Здравствуйте, Steve. > SOHS> The only problem with this is it will allow apache to > SOHS> do anything with ipfw including flush all of the rules. I would > SOHS> suggest having apache dumping the parameters of the command to > SOHS> be run into a queue of some kind (named pipe perhaps or a file > SOHS> based queue if it's important to survive shutdowns) and have a > SOHS> process reading the queue, sanity checking the parameters and > SOHS> then executing the appropriate command. > > maybe: > apache host=(root) NOPASSWD: /my/script/add_table.pl > apache host=(root) NOPASSWD: /my/script/del_table.pl > > this will restrict apache to run only add/del tasks with table. > what do you think? That also works. I have a slight preference for queue based approaches but that's just me really. -- Steve O'Hara-Smith <st...@sohara.org> _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"