Re: Apache able to open tty
Em 21-01-2014 23:48, David Sticht escreveu: Ted, Thank you so much for responding. I understand all of the words you used. However, this definitely goes beyond what I have done yet. I will need for the apache server to instigate the request. I imagine I would want a vast majority of the scripting to be run via CGI as normal calling out to the daemon when the connection is necessary. The part where I get very fuzzy is having the CGI script call out to a daemon which would be perhaps a “wrapper” for my PERL scripting that manages the process of making connections and retrieving data from my network devices. Would you be able to provide any links or verbiage I could search to head me in the right direction to figuring out this process? On Jan 20, 2014, at 7:38 PM, Ted Unangst t...@tedunangst.com wrote: On Wed, Jan 15, 2014 at 14:25, David Sticht wrote: Understanding the risks I am wanting to either allow the www user right to open tty or change the user running the apache daemon. I am developing a suite of intranet tools with perl to perform some network diagnostics. Does anybody have a suggestion to move me in the right direction? Take a look on the nagios-chroot package. It works exactly like this. There is a chrooted web interface that communicates with a daemon which executes commands in it's behalf. I advise against changing the user of apache or running it as root to be able to open the tty's. Cheers, -- Giancarlo Razzolini GPG: 4096R/77B981BC
Re: Apache able to open tty
Ted, Thank you so much for responding. I understand all of the words you used. However, this definitely goes beyond what I have done yet. I will need for the apache server to instigate the request. I imagine I would want a vast majority of the scripting to be run via CGI as normal calling out to the daemon when the connection is necessary. The part where I get very fuzzy is having the CGI script call out to a daemon which would be perhaps a “wrapper” for my PERL scripting that manages the process of making connections and retrieving data from my network devices. Would you be able to provide any links or verbiage I could search to head me in the right direction to figuring out this process? On Jan 20, 2014, at 7:38 PM, Ted Unangst t...@tedunangst.com wrote: On Wed, Jan 15, 2014 at 14:25, David Sticht wrote: Understanding the risks I am wanting to either allow the www user right to open tty or change the user running the apache daemon. I am developing a suite of intranet tools with perl to perform some network diagnostics. Does anybody have a suggestion to move me in the right direction? Build a small daemon that does whatever it is needs doing, run it as a user with the correct privileges, then have the www user talk to that via a socket.
Re: Apache able to open tty
Does anybody have a suggestion? I'm nearly ready to present an early peek to my company that will help them to realize the benefits of OpenBSD and PERL. Sent from my iPhone On Jan 15, 2014, at 14:25, David Sticht vdubjun...@vdubjunkie.net wrote: Understanding the risks I am wanting to either allow the www user right to open tty or change the user running the apache daemon. I am developing a suite of intranet tools with perl to perform some network diagnostics. Does anybody have a suggestion to move me in the right direction? Sent from my iPhone
Re: Apache able to open tty
On Wed, Jan 15, 2014 at 14:25, David Sticht wrote: Understanding the risks I am wanting to either allow the www user right to open tty or change the user running the apache daemon. I am developing a suite of intranet tools with perl to perform some network diagnostics. Does anybody have a suggestion to move me in the right direction? Build a small daemon that does whatever it is needs doing, run it as a user with the correct privileges, then have the www user talk to that via a socket.
Apache able to open tty
Understanding the risks I am wanting to either allow the www user right to open tty or change the user running the apache daemon. I am developing a suite of intranet tools with perl to perform some network diagnostics. Does anybody have a suggestion to move me in the right direction? Sent from my iPhone