From owner-freebsd-questions  Thu Apr  2 14:48:06 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id OAA22579
          for freebsd-questions-outgoing; Thu, 2 Apr 1998 14:48:06 -0800 (PST)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from falconsoft.com (guff@ns.falconsoft.com [206.112.36.6])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA22055
          for <freebsd-questions@FreeBSD.ORG>; Thu, 2 Apr 1998 14:46:51 -0800 (PST)
          (envelope-from guff@falconsoft.com)
Received: from localhost (guff@localhost)
	by falconsoft.com (8.8.8/8.8.7) with SMTP id RAA29549;
	Thu, 2 Apr 1998 17:46:35 -0500 (EST)
	(envelope-from guff@falconsoft.com)
Date: Thu, 2 Apr 1998 17:46:34 -0500 (EST)
From: Tim Gustafson <guff@falconsoft.com>
To: chas <panda@peace.com.my>
cc: freebsd-questions@FreeBSD.ORG
Subject: Re: How can CGI script execute root commands or edit root-owned  files ?
In-Reply-To: <3.0.32.19980403023610.009a1ad0@peace.com.my>
Message-ID: <Pine.BSF.3.96.980402174515.29543A-100000@falconsoft.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> One suggestion I've had was running the webserver
> as root but this seems to be considered
> not a good thing by and large. I was just looking
> at updating user records and DNS records in such
> a manner.

how about installing the suexec wrapper on the server, and then setting
the particular site's user to root?  that way other people on the site
can't use root's privelages, but you can?  I don't know if this is even
possible since suexec might not allow it, but it's a thought.

tim



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message