Re: [users@httpd] suicidal suexec question.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 8/29/06, Gary W. Smith <gary@xxxxxxxxxxxxxxx> wrote:


I've been assigned to create a port listener to do some administrative
tasks on some of our local servers.  We have a web console application
that basically writes some data to a file and a cronjob picks it up.
That doesn't seem to be fast enough for what we need.  So it has been
deemed that we need to write an application that will listened for
requests from our apache pages.  Many these tasks need to be executed as
root.

Our ideas include running ssh on the local loopback with pub/priv key.
This can have some drawbacks as some commands are chained.  Instead of
writing a special port listener to do this work I was thinking that I
could compile a second copy of apache and run it on a different local
port (ex. 127.0.0.1:9000) and run the apps there under suexec privileges
for root.

I'm really looking for some ideas for the best approach and some
pointers on how to implement it.

Google for sudo, which is the canonical tool for these types of
problems.  Suexec will not run stuff as root unless you hack it.

Running a separate daemon on a different port is a good idea with
sudo, since it will allow you to isolate these requests under a
different account and very-specific permissions.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
  "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux