Re: Maby a litle OT but: apache+sh CGI script
From: Zergin (idioten@poczta.onet.pl)Date: 05/22/02
- Next message: Nico Kadel-Garcia: "Re: IP address <--> Global Positioning System (GPS)"
- Previous message: Tim Haynes: "Re: The best GUI for ipchains and/or iptables?"
- In reply to: Nico Kadel-Garcia: "Re: Maby a litle OT but: apache+sh CGI script"
- Next in thread: Nico Kadel-Garcia: "Re: Maby a litle OT but: apache+sh CGI script"
- Reply: Nico Kadel-Garcia: "Re: Maby a litle OT but: apache+sh CGI script"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Zergin" <idioten@poczta.onet.pl> Date: Wed, 22 May 2002 14:21:16 +0200
>
> It *CAN*, but you need to select appropriate options for it compilation
time
> for the suexec module. Very few people do, it's just too damned dangerous
to
> allow.
>
>
Didn't know that. But any way I would'n do so. I've got it working this way
that the http user is added to sudoers and may execute (w/o pass.) only
thouse commands that it realy needs for the script. And in the script every
command needing root priv. is executed with sudo before. Then the script is
executed with http priv. and only some commands run as root.
What do you think of that? Is this really killing my sys. security? Guess
it's safer then giving apache full root priv.
TIA,
M.
- Next message: Nico Kadel-Garcia: "Re: IP address <--> Global Positioning System (GPS)"
- Previous message: Tim Haynes: "Re: The best GUI for ipchains and/or iptables?"
- In reply to: Nico Kadel-Garcia: "Re: Maby a litle OT but: apache+sh CGI script"
- Next in thread: Nico Kadel-Garcia: "Re: Maby a litle OT but: apache+sh CGI script"
- Reply: Nico Kadel-Garcia: "Re: Maby a litle OT but: apache+sh CGI script"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
