Date: Tue, 23 Sep 2008 00:32:00 +0200 From: Mel <fbsd.questions@rachie.is-a-geek.net> To: freebsd-questions@freebsd.org Cc: Matias Surdi <matiassurdi@gmail.com> Subject: Re: Run script as root from WebServer Message-ID: <200809230032.00517.fbsd.questions@rachie.is-a-geek.net> In-Reply-To: <gb90gf$ev7$1@ger.gmane.org> References: <gb90gf$ev7$1@ger.gmane.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Monday 22 September 2008 22:51:26 Matias Surdi wrote:
> The problem is that some of these scripts deal with configuration files
> and some other tasks that require root privileges.
There's 2 alternatives I have used:
1) If the configuration files allow 'includes', then include a file that is
writeable by the webuser. This will additionally allow you to restrict what
the webserver can change in the config of this application. Note, that
configuration files that are modifyable by root only, often are for a reason,
so this does not improve the security of the service being configured, but it
takes a fork() and sudo out of the mix.
2) If the changes do not need to be immediate, then you can put it in a queue
directory and run a script through root's cron that picks up the queue and
runs the commands there in. You then have the opportunity to remove scripts
before they are run or even build in authorization.
--
Mel
Problem with today's modular software: they start with the modules
and never get to the software part.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200809230032.00517.fbsd.questions>