Run script as root from WebServer
ccowart at rescomp.berkeley.edu
Mon Sep 22 21:25:50 UTC 2008
Matias Surdi wrote:
> I'm using mod_python3 and apache22 to create some scripts and access them
> through a web interface.
> The problem is that some of these scripts deal with configuration files and
> some other tasks that require root privileges.
> In the past, I've solved this issue by using sudo and allowing just the
> commands I want to allow in the sudoers file to the apache user.But I'm
> wondering if this is the better way to do what I want to do.
> What would you do in such a situation?
I think sudo is pretty much _the_ way to accomplish this. Not that it
would be your only option per se, but I think it's definitely your best
We maintain a number of scripts that serve very restricted purposes for
the use of our web user with sudo.
www WIFIROUTERS = (root) NOPASSWD: WIRELESS
This allows the www user to run the wireless connection setup/teardown
scripts as root without typing a password on wireless routers. We use
this to allow a transparent proxy web-app to move the user to the
"authenticated" firewall context. Our sudoers file (shared across
roughly 100 machines) is littered with other examples ranging from
allowing users to sa-learn in mailman to nagios monitoring and remote
sync jobs for DNS/DHCP.
Network Technical Lead
Network & Infrastructure Services, RSSP-IT
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 833 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20080922/fb4b2732/attachment.pgp
More information about the freebsd-questions