Hey Chris - Please don't "Top Post" > -----Original Message----- > Is anyone familiar with the possibility of running iptables commands as a > non-root user? I am trying to execute commands from a web page without > running apache as root or going through reconfiguration of apache to allow > it to su root. It seems it would be easier to be able to allow a user > access to iptables commands. > > Larry S. Brown On Fri, Mar 28, 2003 at 10:17:57AM +0100, christopher cuse wrote: > hi larry, > > it is hard to imagine for what reason you would want to have apache be able > to su to root -- this could/would spell disaster in a production environment > and should be discouraged. iptables access from a non-root user as well is > exceptionally dangerous -- one command could render the network inoperable. > > apache has very robust security, so you should attempt your project within > the confines of apache. > > curious what exactly you have in mind ... Yes, Larry - what do you want apache to do? there is probably a better way to accomplish it rather than having apache become root. :-)
One option, if apache absolutely must become root is to use the "sudo" command and restrict apache to a single special purpose script that does only the exact and specific thing you need. If you are trying to use apache to administer a Linux box remotely I suggest looking at the "Webmin" package which allows you to do that and which you can add scripts to to extend the functionality. Webmin is extemely cool and useful even if only used as a local administration tool. > -- Jeff Kinz, Open-PC, Emergent Research, Hudson, MA. [EMAIL PROTECTED] copyright 2003. Use is restricted. Any use is an acceptance of the offer at http://www.kinz.org/policy.html. -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
