Mike, I agree, in theory. But, with various security holes in Apache, particularly around CGI, I would still be cautious. Certainly I wouldn't assign anything other than a G priv. to the guest.
Mark Post -----Original Message----- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of Michael MacIsaac Sent: Friday, October 20, 2006 10:03 AM To: [email protected] Subject: Re: CP commands through a Web interface > And, I agree with your warnings about giving access to CP commands. If you give sudo vmcp access to only users the www group, which has one user, wwwrun (that apache runs under) by default, then no holes there. If the cgi-bin scripts only do specific queries of z/VM then no holes there. And for one more layer of security, you could use a .htaccess file to require credentials. Funnelling arbitrary CP commands through a Web interface would be dangerous. "Mike MacIsaac" <[EMAIL PROTECTED]> (845) 433-7061 ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
