Re: [Hampshire] Running a script that needs to do a rooty th…

Top Page
This message is part of the following thread:
M+--+\the complete thread tree sorted by date
MM..MMTim Brocklehurst at <-
MM+\Dominic Cleal at ->

Reply to this message
Author: Vic
Date:  
To: hampshire
Subject: Re: [Hampshire] Running a script that needs to do a rooty thing

> It would be daft to make www-data a sudoer and I'm not sure how I would do
> that anyway. Any ideas on how to achieve this, or alternatives?

Factor out the couple of bits that need root privilege, and put them in
their own scripts. Make those scripts executable only by the www-data
user, and then make them setuid.

Your main script can then run with reduced privilege, and call the setuid
ones as necessary.

Vic.



This message was posted to the following mailing lists:
Hampshire LUG
Mailing List Info | Nearby Messages		<-Re: [Hampshire] Will there be a meeting on 4 December?Re: [Hampshire] Running a script that needs to do a rooty thing->
Hampshire LUG Mailing List Archive administrated by WebmasterLurker (version 2.3)