Cobalt RaQ runs apache as root so that their front-end can run with root
perms. You could use cgiwrap for the same effect, i suppose. there is also
webmin, which runs with root priveleges. but webmin has its own httpd server
coded in perl (thereby reducing the chances of buffer overflows and such)
as webmin comes with a BSD style licence, you could cannibalize it for your
needs
there was a thread on bugtraq about the merits of running apache as root.
as apache has a pretty good safety record, you should be able to run apache
as root pretty safely. however if you are a little more paranoid, try cgiwrap.
BEWARE: the idea of running a CGI script to administrate a server is pretty
idiotic, in my opinion. i am trying to code a web based front end for
virtual/ip hosting web servers like cobalt's, so i understand the necessity in
certain cases. however, it is frightening and goes against all accepted
security norms.
kk
On Wed, Jun 27, 2001 at 11:12:34PM -0400, Bill Pierson wrote:
> Thanks for your replies. Actually, I'd like to be able to modify system
> config files, stop and restart daemons, etc.
>
> I'm not aware of the different ways to accomplish this; any tips would be
> appreciated.
>
> The server is in a "protected" environment.....
>
>
> --Bill
>
>
> -----Original Message-----
> From: Farouk Khawaja [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, June 27, 2001 10:44 PM
> To: Bill Pierson; [EMAIL PROTECTED]
> Subject: Re: Running PERL as root
>
> ---- Bill Pierson <[EMAIL PROTECTED]> wrote:
> > I have a quick question about running a perl
> program as root via CGI.
> > I would assume it's platform dependant, and in my
> situation I have Linux
> > Redhat 7.1 w/Apache 1.3.19 webserver.
> >
> > This question is a little off-topic, however I'm
> guessing that a few of you
> > may have tackled this issue before.
> >
> > Thanks again,
> > --Bill
>
> I wouldn't run any CGI script as root, no matter how
> securly I belive I've written it. What are you
> trying to do that would require root permission to
> accomplish?
>
> Maybe you can explore alternatives.
>
>
