On Fri, 27 Sep 2013 11:18:40 +0200, Michael BlackHeart <amdm...@gmail.com> wrote:

Hello there,
It's quite off-topic, but I'm using freebsd-stable, so

The problem is - running a script that requires root privileges via PHP (or
probably CGI - I do not care, just want it to be secure and working).

It's all about minidlna service (I use upnp too, so mediatomb and others are
no options). On FreeBSD it should be resync-ed manually, so I've got a
simple script placed in /etc/periodic/daily:

more 957.dlna_update
#!/bin/sh
# Script to daily update minidlna DB

a="$*"

if (/usr/local/etc/rc.d/minidlna stop 1>/dev/null); then
    sleep 10
    if /usr/local/etc/rc.d/minidlna rescan; then
        /usr/bin/logger -t minidlna "DB updated."
        exit 0
    else
        /usr/bin/logger -t minidlna "Error. Failed to update DB."
        exit 1
    fi
else
    /usr/bin/logger -t minidlna "Error. Failed to update DB."
    exit 1
fi

And it's working fine for me. But it uses service infrastructure. So when
I'm trying to run it via PHP it fails. For example running under unprivileged
user:

id
uid=1001(amd_miek) gid=0(wheel) groups=0(wheel),5(operator)

-rwsr-sr-x 1 root wheel 394 27 сен 10:58 957.dlna_update*

sh -x 957.dlna_update
+ a=''
+ /usr/local/etc/rc.d/minidlna stop
kill: 10786: Operation not permitted
+ /usr/bin/logger -t minidlna 'Error. Failed to update DB.'
+ exit 1

What is the best way to run it via WEB?

You can't setuid a shell script. The executable actually is '/bin/sh' which just reads the shell script. So you should setuid /bin/sh which is a security problem.
You can use sudo to do this. (/usr/ports/security/sudo)

Ronald.
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
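
The sudo approach suggested in the reply, sketched as an added example that is not part of the original thread: a sudoers rule limited to the one script with no arguments, plus a check that the script cannot be edited by anyone but its owner. The web account name `www`, the drop-in path under /usr/local/etc/sudoers.d and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): run one root-owned script via sudo
# instead of setuid bits. Assumptions: web server account "www", sudo from
# ports with drop-ins read from /usr/local/etc/sudoers.d.

SCRIPT=/etc/periodic/daily/957.dlna_update   # path taken from the post
WEB_USER=www                                 # assumed web server account

# Succeeds only for a regular file (not a symlink) that is neither
# group- nor world-writable. A script that sudo runs as root must not be
# editable by the account that is allowed to invoke it.
not_writable_by_others() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ]
}

# Print a sudoers rule for exactly one command. The trailing "" means
# "no arguments allowed", so nothing from the web request reaches the script.
sudoers_rule() {
    case "$2" in
        /*) ;;
        *)  echo "command must be an absolute path" >&2; return 1 ;;
    esac
    printf '%s ALL=(root) NOPASSWD: %s ""\n' "$1" "$2"
}

# Install steps, run by hand as root:
#   chown root:wheel "$SCRIPT" && chmod 0755 "$SCRIPT"   # drops setuid/setgid
#   not_writable_by_others "$SCRIPT" || echo "fix permissions first"
#   sudoers_rule "$WEB_USER" "$SCRIPT" > /tmp/minidlna.sudoers
#   visudo -cf /tmp/minidlna.sudoers && \
#       install -m 0440 -o root -g wheel /tmp/minidlna.sudoers \
#           /usr/local/etc/sudoers.d/minidlna
# The PHP side then executes a fixed command line with no user input:
#   /usr/local/bin/sudo -n /etc/periodic/daily/957.dlna_update

# Show the rule that would be installed.
sudoers_rule "$WEB_USER" "$SCRIPT"
```
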
