I know -(( But i need to develop users managment utility that works on the web. I think that if i will keep the URL secure, and log evrything that goes in there then it might be more safe. not to mention that the manager would NOT have meny choices...i have several profiles that the manager need to choose from, he does not have any control on root permitions, telnet access and such, just Radius access and pine access to other server on different network. Mike ----- Original Message ----- From: "Ely Levy" <[EMAIL PROTECTED]> To: "Mike" <[EMAIL PROTECTED]> Sent: Thursday, January 06, 2000 5:52 PM Subject: Re: Re: OFF TOPIC - chmod with root permissions > well you can do setuid to root but it's really unsafe.. > I think you should check about SSL , > but in general it's REALLY not safe to run things from the web under root > which is exaclly the reason why apache run under users nobody > who has no permission whatsoever.. > > > Ely Levy > System group > Hebrew University > Jerusalem Israel > > > > On Wed, 5 Jan 2000, Mike wrote: > > | Hi. > | > | I have here a managment system that was develop by the old system > | administrator. > | Since we have a unique needs then instead of using regular or already > | build managment program then i decided to improve the current one. > | Now, the way that the current program works is not what i proffered, so i > | want to know how much problem it will be in order to change it to be as i > | want it to. > | Since i usually use the adduser,passwd and deluser programs that comes with > | the OS i need to be root in order to use them. but the web server runs under > | nobody user and group. > | > | So i asked the mailing list group what they think is the best way to do > | this. > | > | Mike > | > | > | ----- Original Message ----- > | From: "Ely Levy" <[EMAIL PROTECTED]> > | To: "Isaac Aaron" <[EMAIL PROTECTED]> > | Cc: "Mike" <[EMAIL PROTECTED]>; "Linux-il" > | <[EMAIL PROTECTED]> > | Sent: Wednesday, January 05, 2000 4:10 PM > | Subject: RE: Re: OFF TOPIC - chmod with root permissions > | > | > | > Well I'm not really sure what exactly he tries to do .. > | > but I guess he could use SSL or one of the web admin programs that run > | > scripts for you.. > | > I still try to get why he even touches the passwd file.. > | > SSL looks like the must normal option in my homble opinion.. > | > and btw there are already programs like adduser.. > | > > | > ll&p > | > > | > Ely Levy > | > System group > | > Hebrew University > | > Jerusalem Israel > | > > | > > | > > | > On Wed, 5 Jan 2000, Isaac Aaron wrote: > | > > | > | > | > |How about, if Mike will write the script in a way that gets the > | > |user/password combination for root from the user though a form? > | > | > | > | > | > | > | > | > | > | > | > |usually why respond to this kind of question would be are you nuts?? > | > |you want to make a suid script?and not only a suid script but one that > | > |edit your password file?how about adding a please hack me icon on the > | > |frontpage of your hp?:) > | > | > | > |Ely Levy > | > |System group > | > |Hebrew University > | > |Jerusalem Israel > | > | > | > | > | > | > | > |On Mon, 3 Jan 2000, Mike wrote: > | > | > | > ||Hi list. > | > ||I wrote a management script for my Linux/UNIX systems. > | > ||I want to be able to use it with web interface, however, since it uses > | > |the > | > ||adduser, passwd and userdel commands and it does some editing to the > | > |passwd > | > ||file it will not run under the usually nobody user witch the apache > | > |server > | > ||uses (on my system anyway). > | > || > | > ||My question is simple. > | > ||should i create a new virtualhost with root permissions OR apply to > | the > | > ||script i wrote the option to be run as root no meter who is running it > | ? > | > || > | > ||Waiting for tour comments.... > | > || > | > ||Mike > | > || > | > || > | > || > | > ||================================================================= > | > ||To unsubscribe, send mail to [EMAIL PROTECTED] with > | > ||the word "unsubscribe" in the message body, e.g., run the command > | > ||echo unsubscribe | mail [EMAIL PROTECTED] > | > || > | > || > | > | > | > | > | > |================================================================= > | > | To unsubscribe, send mail to [EMAIL PROTECTED] with > | > |the word "unsubscribe" in the message body, e.g., run the command > | > |echo unsubscribe | mail [EMAIL PROTECTED] > | > | > | > | > | > | > | > | > | > | > | > | > | > > | > > | > | > > ================================================================= To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
