On Tue, Jan 23, 2024 at 2:12 PM EML <sa212+apa...@cyconix.com> wrote:
> > Let's take a step back - why are you unmounting from a cgi script? > > It's a one-time setup when a user configures a new system. Most of these > users aren't shell-literate, so they configure by ticking boxes on a web > page. The system is a VPS, so is actually a VM, which I hope isn't relevant. > > Anyway, when configuration completes, all the scripts are deleted and > Apache runs 'normally'. > IMO suexec would be better suited to handle more sensitive operations such as unmounting. CGI is not an interactive shell, as you discovered. Calling a separate script with the suid bit might work too.
