Re: Secure Web-Based Administration

From: John Allman (allmanj@houseofireland.com)
Date: 01/22/03

  • Next message: Bill Weiss: "Re: Secure Web-Based Administration"
    Date: Wed, 22 Jan 2003 16:46:24 +0000
    From: John Allman <allmanj@houseofireland.com>
    To: focus-linux@securityfocus.com
    
    

    Ryan wrote:

    >I would like to create some web pages/scripts (probably using PHP since I
    >use it for a lot of other things) to assist me in administering my linux
    >machine. What are some ways that I can execute certain administrative
    >commands (such as ifconfig,iwconfig,route,scripts in my /etc/init.d/
    >directory, etc...) as root?
    >I'm fairly familiar with the different access-control methods available to
    >me to restrict access to these pages. I will definitely be using SSL with
    >a self-signed certificate. I'm just not sure how to get my web server
    >(which doesn't run as root and I want to keep it that way) to execute
    >these commands with superuser privileges.
    >Thanks
    >
    >Ryan
    >ryan@vbnet.net
    >
    Have you looked at webmin? Might have modules for the things you are
    looking for (or there may be some in development. might be worthwhile
    looking on freshmeat?)

    One way around this if you have to write your own is to make a binary
    owned by root (or whatever user you need the privaleges of), set it's
    suid bit and call it from your php/whatever script. Probably not ideal
    though

    John