Hey - he's already allowing anonymous changes to his network stack. Might as well go nuts. Rob Marti > -----Original Message----- > From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list- > bounces@xxxxxxxxxx] On Behalf Of Elliott, Andrew > Sent: Thursday, September 16, 2010 1:31 PM > To: General Red Hat Linux discussion list > Subject: RE: Automation of Administrative Tasks on an RHEL Box > > It would, but only if the sudoers file has been configured to give the apache > (or www user account) access to run scripts as root... > > I'm pretty sure that nobody puts their apache user in the sudoers file... > > -----Original Message----- > From: redhat-list-bounces@xxxxxxxxxx [mailto:redhat-list- > bounces@xxxxxxxxxx] On Behalf Of Sanjay Chakraborty > Sent: Thursday, September 16, 2010 2:27 PM > To: General Red Hat Linux discussion list > Subject: Re: Automation of Administrative Tasks on an RHEL Box > > > sudo would work. > true. > > Beside sudo, RHEL 5 works well with ACL ( it is part of default setting in > filesytem level in super block). Add user or group in ACL (access control list) > and the user can do the thing. > See man page of setfacl/getfacl > > On Thu, Sep 16, 2010 at 2:06 PM, Marti, Robert <RJM002@xxxxxxxx> wrote: > > sudo would work. > > > > > > > > Sent from my iPhone > > > > On Sep 16, 2010, at 1:03 PM, "Devarishi Kumar Mahadeva" > <dk_mahadeva@xxxxxxxxx> wrote: > > > >> Hi All, > >> > >> > >> Here is a good scenario of Automation of Administrative Tasks (it > >> was presented before me in an interview at a Defense Department, > Navy): > >> > >> Design a Web Interface using PHP (we can use Perl also) that has fields > for: > >> > >> IP Address, Default Gateway, Subnet Mask, etc. and when the values > >> are submitted the Linux Server (RHEL) should be able to process the > >> request and change the Network information accordingly and restart > >> the Network Services. (It it noteworthy that such a Web Interface is > >> to be used on an Intranet and is for testing purpose only, we really > >> do not intend to invite any security vulnerabilities by allowing > >> anyone to change the Network Settings.) > >> > >> The only point here is how to get a (CGI-)Script (PHP or Perl) be > >> able to perform the tasks of an Administrator, i.e. execute commands > >> that only the root user or a user with some root privileges can issue. > >> > >> We can easily pass values to a PHP / Perl or even to a Shell Script > >> program on the server.... in /var/www/cgi-bin or /var/www/html > >> directories. But how will it run with the root privileges? > >> > >> With regards, > >> > >> Devarishi Kumar Mahadeva. > >> > >> ________________________________ > >> > >> (UNIX Application Support) > >> HCL Technologies Ltd., > >> Infra Tower, Plot No. A 3, Sector 126, SEZ Noida (Uttar Pradesh) - > >> India. > >> Mobile No.: +919999355295 > >> > >> ________________________________ > >> > >> > >> > >> -- > >> redhat-list mailing list > >> unsubscribe mailto:redhat-list- > request@xxxxxxxxxx?subject=unsubscribe > >> https://www.redhat.com/mailman/listinfo/redhat-list > > > > -- > > redhat-list mailing list > > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > > https://www.redhat.com/mailman/listinfo/redhat-list > > > > > > -- > Regards. > Sanjay Chakraborty > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
