On Wed, 29 Aug 2007 13:23:30 +0100
John ORourke <[EMAIL PROTECTED]> wrote:
> Matthieu FEREYRE wrote:
> >
> > kill -USR1 apache_pid
> >
> > do that extremely well but apache doesn't have the rights to launch
> > it from perl !
> >
>
> Try writing a script which does it - e.g.
>
> #!/bin/sh
> /etc/init.d/apache restart
>
> put that somewhere and make it setuid root, then in your perl code
> call
>
> system("/path/to/your/script &");
>
> which would launch it in the background and return control sensibly,
> I think.
>
> The 2 flaws are [1] you have no way to feed back success to the user
> - you could put a Refresh header in the returned page to jump to a
> status page - and [2] any script or user on your server would be able
> to restart it by running the setuid root script.

While that definitely will work, there is a better solution from
a security perspective. You write a small daemon that either
accepts simple messages via IP or a local socket, or just simply
looks for the existence of some file
'/home/httpd/restart-apache.now'.
When the daemon receives the message or spots the file on disk
it could handle the restart for you. Sure there is a bit of
a delay compared to issuing your own sigkill, but you don't have
as much exposure.
-------------------------------------------------------
Frank Wiles, Revolution Systems, LLC.
Personal : [EMAIL PROTECTED] http://www.wiles.org
Work : [EMAIL PROTECTED] http://www.revsys.com
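
The flag-file variant described in the reply above, written out as an added example (not code from the thread or from either poster). The flag path and the restart command are the ones quoted in the thread; `MIN_INTERVAL`, `POLL` and the function names are assumptions.

```shell
#!/bin/sh
# Added example: root-run watcher for the flag-file approach.
# FLAG and RESTART_CMD are taken from the thread; MIN_INTERVAL, POLL and
# all function names are assumptions of this example.
FLAG="${FLAG:-/home/httpd/restart-apache.now}"
RESTART_CMD="${RESTART_CMD:-/etc/init.d/apache restart}"
MIN_INTERVAL="${MIN_INTERVAL:-60}"   # seconds between honoured requests
POLL="${POLL:-5}"                    # seconds between checks
LAST_RESTART=0

# consume_flag PATH: return 0 if a valid request was present and removed.
# The file is never opened or read, so the unprivileged side can signal
# "restart" and nothing else.
consume_flag() {
    [ -e "$1" ] || [ -L "$1" ] || return 1   # nothing there
    if [ -L "$1" ] || [ ! -f "$1" ]; then
        rm -f -- "$1" 2>/dev/null            # symlink, fifo, dir: discard
        return 1                             # and do not honour it
    fi
    rm -f -- "$1"                            # unlinks the name only
}

# rate_ok NOW: return 0 once MIN_INTERVAL seconds have passed since the
# last restart, so a process that keeps creating the flag cannot keep
# the server in a restart loop.
rate_ok() {
    [ $(( $1 - LAST_RESTART )) -ge "$MIN_INTERVAL" ]
}

# handle_request NOW: one polling step. Returns 0 only if RESTART_CMD ran
# and succeeded. A request that arrives too early is dropped, not queued.
handle_request() {
    consume_flag "$FLAG" || return 1
    rate_ok "$1" || return 1
    LAST_RESTART=$1
    $RESTART_CMD    # fixed by root's configuration, never by the requester
}

watch_loop() {
    while :; do
        handle_request "$(date +%s)" || true
        sleep "$POLL"
    done
}

# Started as root by init or a supervisor: restart-watcher.sh --run
if [ "${1:-}" = "--run" ]; then watch_loop; fi
```

With this in place the mod_perl side only has to create the empty file, so no setuid binary is needed; anything that can write to that directory can still request a restart, but at most one per `MIN_INTERVAL`.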