From owner-freebsd-isp Mon Jun 26 9:42:43 2000 Delivered-To: freebsd-isp@freebsd.org Received: from dt051n0b.san.rr.com (dt051n0b.san.rr.com [204.210.32.11]) by hub.freebsd.org (Postfix) with ESMTP id B8B9037B9CE for ; Mon, 26 Jun 2000 09:42:39 -0700 (PDT) (envelope-from DougB@gorean.org) Received: from gorean.org (doug@master [10.0.0.2]) by dt051n0b.san.rr.com (8.9.3/8.9.3) with ESMTP id JAA10019; Mon, 26 Jun 2000 09:40:17 -0700 (PDT) (envelope-from DougB@gorean.org) Message-ID: <39578770.D379B114@gorean.org> Date: Mon, 26 Jun 2000 09:40:16 -0700 From: Doug Barton Organization: Triborough Bridge & Tunnel Authority X-Mailer: Mozilla 4.72 [en] (X11; U; FreeBSD 5.0-CURRENT-0603 i386) X-Accept-Language: en MIME-Version: 1.0 To: Leif Neland Cc: InvictaNet Customer Support , Freebsd-ISP Subject: Re: DNS References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Leif Neland wrote: > > On Mon, 26 Jun 2000, InvictaNet Customer Support wrote: > > > Hi > > > > However, we can't get the script to run as root (on FreeBSD 3.x). I have > > tried suid on its own and by using a c wrapper as explained in the perl > > docs. Neither works. > > Don't run as root then. > Run, and let the files be owned by another user. Perhaps even run named in > a sandbox. Another possible solution is sudo. Install it from the ports and add your CGI user with the ability to run certain commands without a password. I would recommend that you create a script that only does 'ndc reload' instead of giving the CGI user total access to ndc... just in case. Good luck, Doug -- "Live free or die" - State motto of my ancestral homeland, New Hampshire Do YOU Yahoo!? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message