> At my last company, I built a monstrosity out of perl, an xmlrpc server > running as root that used https as the transport and client certificate > verification to authenticate incoming connections. I wrote a php class > to connect to the xmlrpc server with the client cert and send it > commands to be executed as root. It was kind of slow.
This is exactly what I want to avoid. Running specific commands is simple enough, however my big stumbling block is that the script have to be able to handle out of band configuration changes, and they don't want to have to bother with chown if they do something on a different username. At least I can run a specific apache on a different port, connectable only though a VPN. I am aware that if a local account gets compromised it would be a problem, however they don't care about that. _______________________________________________ Peruser mailing list [email protected] http://www.telana.com/mailman/listinfo/peruser
