Em 21-01-2014 23:48, David Sticht escreveu: > Ted, > > Thank you so much for responding. I understand all of the words you > used. However, this definitely goes beyond what I have done yet. I will > need for the apache server to instigate the request. I imagine I would want > a vast majority of the scripting to be run via CGI as normal calling out to > the daemon when the connection is necessary. The part where I get very fuzzy > is having the CGI script call out to a daemon which would be perhaps a > “wrapper” for my PERL scripting that manages the process of making > connections and retrieving data from my network devices. Would you be able > to provide any links or verbiage I could search to head me in the right > direction to figuring out this process? > > > On Jan 20, 2014, at 7:38 PM, Ted Unangst <t...@tedunangst.com> wrote: > >> On Wed, Jan 15, 2014 at 14:25, David Sticht wrote: >>> Understanding the risks I am wanting to either allow the www user right to >>> open tty or change the user running the apache daemon. I am developing a >>> suite of intranet tools with perl to perform some network diagnostics. >>> Does anybody have a suggestion to move me in the right direction? >> Take a look on the nagios-chroot package. It works exactly like this. There is a chrooted web interface that communicates with a daemon which executes commands in it's behalf. I advise against changing the user of apache or running it as root to be able to open the tty's.
Cheers, -- Giancarlo Razzolini GPG: 4096R/77B981BC