What you are doing with sudo is allowing a user to run a priviledged application and you can be very restrictive. Suppose that you wanted to read your syslog through a web page. A standard user can not access the file, but if you add to the susoers file:
cat /var/log/syslog for www-data (apache user) then that is all they can do, they can't cat any other file that requires root access. In fact the command must be specified as above on the command line. If cat options are added, it won't work. I think that it is about the easiest and safest way to do it. Robert LeBlanc -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alvin A ONeal Jr Sent: Wednesday, September 28, 2005 1:01 PM To: [EMAIL PROTECTED]; BYU Unix Users Group Subject: Re: [uug] Web user running script as root Ryan, > I had to do this to get my x10 flipit script to run. the solution is to > use sudo. basically, you run visudo and specify which users can run which > commands as root. You're suggesting that you would allow apache sudo access, correct? So wouldn't any user on your system then be able to create a script using sudo to gain root privileges? That would be bad, methinks. Perhaps I'm misunderstanding something? Shouldn't there be a safer way? Some sort of configuration with which you could specify a particular script can run as root rather than the whole webserver. -- 8^) Laterz- ~Alvin http://CoolAJ86.Havenite.net --- Pencils are like dogs. ~ Chase Quintana @ SCS during lunch detention -------------------- BYU Unix Users Group http://uug.byu.edu/ The opinions expressed in this message are the responsibility of their author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG. ___________________________________________________________________ List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
