Brad Hubbard wrote:
> I'm in the planning stages of a smallish app that will need to run some shell
> commands that generally require root privileges to run (eg: route, ifconfig,
> ifup). I know this is a security nightmare but I don't really have a choice,
> I have to provide this functionality through a web based interface. What is
> the accepted way of accomplishing this? I've considered assigning nobody to a
> privileged group, sudo, changing exec permissions (last resort).
>
> Opinions???
If you can live without realtime, one way of handling this is to have
the httpd user write out a file with commands to be run, and a root cron
job (set to run as frequently as every minute) watch for that file and
act upon it when it exists. Obviously, there would be some lag, but it
would be one way to handle the security side of this issue.
--
_______ ___ _ ____ _____
Chris Hobbs / ____\ \ / / | | |/ ___\| __ \
Head Geek | (___ \ \ / /| | | | (___ | | | |
WebMaster \___ \ \ \/ / | | | |\___ \| | | |
PostMaster ____) | \ / | |__| |____) | |__| |
\____/ \/ \____/ \____/|_____/
http://www.silvervalley.k12.ca.us
[EMAIL PROTECTED]
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]