On 8/29/06, Gary W. Smith <gary@xxxxxxxxxxxxxxx> wrote:
I've been assigned to create a port listener to do some administrative tasks on some of our local servers. We have a web console application that basically writes some data to a file and a cronjob picks it up. That doesn't seem to be fast enough for what we need. So it has been deemed that we need to write an application that will listened for requests from our apache pages. Many these tasks need to be executed as root. Our ideas include running ssh on the local loopback with pub/priv key. This can have some drawbacks as some commands are chained. Instead of writing a special port listener to do this work I was thinking that I could compile a second copy of apache and run it on a different local port (ex. 127.0.0.1:9000) and run the apps there under suexec privileges for root. I'm really looking for some ideas for the best approach and some pointers on how to implement it.
Google for sudo, which is the canonical tool for these types of problems. Suexec will not run stuff as root unless you hack it. Running a separate daemon on a different port is a good idea with sudo, since it will allow you to isolate these requests under a different account and very-specific permissions. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx