Re: Secure Web-Based Administration

From: Bill Weiss (houdini@nmt.edu)
Date: 01/21/03

  • Next message: Brian Hatch: "Re: Secure Web-Based Administration"
    Date: Mon, 20 Jan 2003 19:50:12 -0700
    From: Bill Weiss <houdini@nmt.edu>
    To: focus-linux@securityfocus.com
    
    

    Ryan(ryan@vbnet.net)@Fri, Jan 17, 2003 at 09:59:44AM -0500:
    > I would like to create some web pages/scripts (probably using PHP since I
    > use it for a lot of other things) to assist me in administering my linux
    > machine. What are some ways that I can execute certain administrative
    > commands (such as ifconfig,iwconfig,route,scripts in my /etc/init.d/
    > directory, etc...) as root?
    > I'm fairly familiar with the different access-control methods available to
    > me to restrict access to these pages. I will definitely be using SSL with
    > a self-signed certificate. I'm just not sure how to get my web server
    > (which doesn't run as root and I want to keep it that way) to execute
    > these commands with superuser privileges.
    > Thanks

    Set up sudo to allow the web server user ("apache", maybe) to run
    those commands as root without a password.

    -- 
    Bill Weiss
    


    Relevant Pages

    • Re: AIX 5.1/5.2/5.3 local root exploits (diag issue)
      ... > environment variable as a prefix to an external binary executed as root. ... A vulnerability was discovered in the diag script that may allow any user ... To determine if this fileset is installed, execute the following ... various suid root AIX commands invoke the diag ...
      (Bugtraq)
    • SUMMARY: Logging all commands executed by user root to LogLogic device
      ... the KSH shell. ... I am monitoring the shell scripts that execute as root to ... Logging all commands executed by user root to LogLogic ...
      (SunManagers)
    • Re: What is the difference between "su" and "sudo" ?
      ... There are two different ways to execute "su": ... usually restricted to the super-user (root). ... hearing of anybody's using sudo to allow a person to execute specially- ... priviledged commands of some user *other* than root though maybe it ...
      (comp.os.linux.misc)
    • htpasswd bufferoverflow and command execution in thttpd-2.25b.
      ... non-priveledged user to circumvent sudo acls for example. ... If perhaps sudo is being used to limit what commands a user can ... user larry is not allowed to execute '/usr/bin/id' as root on mog. ...
      (Bugtraq)
    • Re: GNOME hangs
      ... from root do following bash ... The suggestion for this cure was: from root do ... Anyway, I guess you've learned your lesson, don't just copy and execute ... commands from a root shell. ...
      (Fedora)