[nycphp-talk] Re: Safely running root commands
Faber Fedor
faber at linuxnj.com
Sun Feb 27 23:14:09 EST 2005
On 27/02/05 22:43 -0500, Hans Zaunere wrote:
> > > I've thought of three ways to do it: 1) have the sysadmin create a sudo
> > > user that can run the given commands with no password, 2) create a
> > > sudo user and store his name and password outside of the document root,
> > > or 3) write some C wrappers and set them suid. I'm not crazy about any
> > > of these solutions.
> >
> > When faced with these options, I would choose #1.
>
> The simplest and most straightforward would probably be number 1 or 2
> - but then don't forget that sudo is basically like giving them root
> for that command. If that command can modify, the sudo can too.
That's the point of sudo, isn't it? :-)
> 3) is probably the safest if written well, but then there lies the
> trick :) For complex root operations, like filesystem stuff,
Nothing that complex. What I'm doing is manipulating the mail queue:
viewing, deleting and holding email. Not all that dangerous, but email
is sacrosanct and only root is able to do those things.
> Since the scope of root operations needed in this case seems limited,
> I'd avoid root altogether. How about a cronjob that dumps the info
> you need to a database, or even a file? Or a queue system...
No, the point is to have real-time manipulation of the mail queue in a
GUI. cron won't cut it, IMNSHO.
--
Regards,
Faber
Linux New Jersey: Open Source Solutions for New Jersey
http://www.linuxnj.com
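
Option 3 from the thread, a small C wrapper meant to be installed setuid, as an added example that is not part of the original message. It assumes Postfix (`postqueue`, `postsuper`) at the paths shown, since the thread names no MTA; the queue ID length bounds and the function names are also assumptions.

```c
/* Added example: fixed-action wrapper for viewing, deleting and holding mail.
 * Assumes Postfix tools at the paths below; the thread names no MTA. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define POSTSUPER "/usr/sbin/postsuper"   /* assumed path */
#define POSTQUEUE "/usr/sbin/postqueue"   /* assumed path */

/* Queue IDs: ASCII alphanumerics only, 6..32 chars (assumed bounds).
 * This also rejects option-like strings and postsuper's special "ALL". */
int valid_queue_id(const char *id) {
    size_t n = id ? strlen(id) : 0;
    if (n < 6 || n > 32) return 0;
    for (size_t i = 0; i < n; i++)
        if (!isalnum((unsigned char)id[i])) return 0;
    return 1;
}

/* Map a fixed action name to a postsuper flag; NULL if not allowed. */
const char *action_flag(const char *action) {
    if (!action) return NULL;
    if (strcmp(action, "delete") == 0) return "-d";
    if (strcmp(action, "hold") == 0) return "-h";
    return NULL;
}

/* Fill out (at least 4 slots) with a fixed command line; 0 on success. */
int build_argv(int argc, char **argv, const char **out) {
    if (argc == 2 && strcmp(argv[1], "list") == 0) {
        out[0] = POSTQUEUE; out[1] = "-p"; out[2] = NULL;
        return 0;
    }
    if (argc == 3 && action_flag(argv[1]) && valid_queue_id(argv[2])) {
        out[0] = POSTSUPER; out[1] = action_flag(argv[1]);
        out[2] = argv[2]; out[3] = NULL;
        return 0;
    }
    return -1;
}

int main(int argc, char **argv) {
    const char *cmd[4];
    char *envp[] = { "PATH=/usr/sbin:/usr/bin", NULL };  /* drop caller env */
    if (build_argv(argc, argv, cmd) != 0) {
        fprintf(stderr, "usage: %s list | delete ID | hold ID\n", argv[0]);
        return 2;
    }
    execve(cmd[0], (char *const *)cmd, envp);  /* absolute path, no shell */
    perror("execve");
    return 1;
}
```

The same allow-list can be expressed for option 1 by having sudoers permit only this wrapper for the web server user, so the web application never passes arguments directly to a root command.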