PHP or PERL CGI script permission question

paul.lkw · ‎08-01-2005

I want to create a web control panel for clients to check his quota or change password but PHP or PERL CGI execute script using the 'www' user permission. How can I override this? Does the world have any resources about doing this?

THX.

Ralph Grothe · ‎08-01-2005

Hi Paul,

you could install sudo, and edit a sudoers file (i.e. as root run visudo) where you would setup rules for user www to run the commands that were required for the quotas checking.

You can either get the sources from here

http://www.courtesan.com/sudo/

or if you happen to run 11i you could even get a prepackaged sudo depot from HP

http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=HPUXIEXP1111

Another option maybe would be to get the Apache sources (if you're happening to be running this webserver) and build it for SuExec support
(albeit it was originally meant to rather restrict than empower rights)
Please see

http://httpd.apache.org/docs/2.0/suexec.html

Anyway, whatever cludge you use please bear in mind to devise utmost care with your CGIs as the restricted rights of httpd child procs were introduced for very good reasons.
Also you should devise some sort of taint checking of any client input, like Perl guarantees by its -T switch.
(if you happen to write your CGIs in Perl,
please also read "perldoc perlsec")

HTH
Ralph

Madness, thy name is system administration

Pat Lieberg · ‎08-02-2005

You could just make your CGI write to a file and have a background process that runs as whatever account you want that monitors this file and then executes whatever you need done.

As mentioned, be careful however you implement it. You don't want to open your server up to the world.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

PHP or PERL CGI script permission question

PHP or PERL CGI script permission question

Re: PHP or PERL CGI script permission question

Re: PHP or PERL CGI script permission question