You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by tanmaya Anand <ta...@techie.com> on 2003/04/27 07:27:59 UTC
[users@httpd] Reg Apache Configuration
Hi all,
I have to create a web interface for controlling/administering Linux, using apache as web server. For Example, There is a web page which allows you to enter you DNS server(s), then, as soon as the user clicks the submit button, the modified information should be written to /etc/resolv.conf & "service named restart" command should be executed.
I'm able to write the information to resolv.conf, but i'm unable to execute the command. In my view, this is some permissions problem( as apache is
running under user "nobody", with minimum privileges), but I'm unable to rectify that.
I'm a new to apache.
Also kindly tell me the optimum configuration to just give above kind of access from just one directory & keep the rest very restricted.
Thanks,
Tanmay
--
__________________________________________________________
Sign-up for your own FREE Personalized E-mail at Mail.com
http://www.mail.com/?sr=signup
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Reg Apache Configuration
Posted by animesh bansriyar <an...@neolinuxsolutions.com>.
First of all, please wrap your lines at < 74 chars.
On Sun, 27 Apr 2003, tanmaya Anand wrote:
>
> I have to create a web interface for controlling/administering Linux, using apache as web server. For Example, There is a web page which allows you to enter you DNS server(s), then, as soon as the user clicks the submit button, the modified information should be written to /etc/resolv.conf & "service named restart" command should be executed.
>
> I'm able to write the information to resolv.conf, but i'm unable to execute the command. In my view, this is some permissions problem( as apache is
> running under user "nobody", with minimum privileges), but I'm unable to rectify that.
>
You are correct in your assesment of the problem, we had also been facing
this problem. What we did was move to another webserver, Xitami which can
run as root. I think we can run apache as root but that is dangerous as I
have heard. I would also like to know more about it.
--
Animesh
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Reg Apache Configuration
Posted by Nikunj Virani <ni...@netsurf.co.in>.
Yes. SetUID Scripts are one of the best solutions for your problems. I have
worked with many linux based control panels before and have used setUID perl
scrips for the purpose. For security reasons you must make sure that there
is only a controlled access to your servers. BTW which scripting language
are you using for creating webpages ?
Regards,
Nikunj Virani
----- Original Message -----
From: "tanmaya Anand" <ta...@techie.com>
To: <us...@httpd.apache.org>
Sent: Sunday, April 27, 2003 10:57 AM
Subject: [users@httpd] Reg Apache Configuration
> Hi all,
>
> I have to create a web interface for controlling/administering Linux,
using apache as web server. For Example, There is a web page which allows
you to enter you DNS server(s), then, as soon as the user clicks the submit
button, the modified information should be written to /etc/resolv.conf &
"service named restart" command should be executed.
>
> I'm able to write the information to resolv.conf, but i'm unable to
execute the command. In my view, this is some permissions problem( as apache
is
> running under user "nobody", with minimum privileges), but I'm unable to
rectify that.
>
> I'm a new to apache.
>
> Also kindly tell me the optimum configuration to just give above kind of
access from just one directory & keep the rest very restricted.
>
> Thanks,
> Tanmay
> --
> __________________________________________________________
> Sign-up for your own FREE Personalized E-mail at Mail.com
> http://www.mail.com/?sr=signup
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] Reg Apache Configuration
Posted by Tim Wort <ti...@pobox.com>.
On Sun, 27 Apr 2003, tanmaya Anand wrote:
> Hi all,
>
> I have to create a web interface for controlling/administering Linux,
> using apache as web server. For Example, There is a web page which
> allows you to enter you DNS server(s), then, as soon as the user
> clicks the submit button, the modified information should be written
> to /etc/resolv.conf & "service named restart" command should be
> executed.
>
> I'm able to write the information to resolv.conf, but i'm unable to
> execute the command. In my view, this is some permissions problem( as
> apache is running under user "nobody", with minimum privileges), but
> I'm unable to rectify that.
First, I hope there is controlled access to this server. In order to
restart named you need root access. This means you need a program that is
SUID to send the SIGHUP to named.
If I remember correctly setuid is not particularly easy to use in Linux,
may be version dependant, you might be forced to wrap your script with a
setuid C program wrapper. I'll leave that to the Linux gurus.
It seems to me this really isn't a Apache problem.
>
> I'm a new to apache.
>
> Also kindly tell me the optimum configuration to just give above kind
> of access from just one directory & keep the rest very restricted.
>
> Thanks,
> Tanmay
> --
> __________________________________________________________
> Sign-up for your own FREE Personalized E-mail at Mail.com
> http://www.mail.com/?sr=signup
>
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
>
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
= Inkling Research Inc. =
= Tim.Wort@InklingResearch.com =
= Tim.Wort@pobox.com =
= =
= Eschew Obfuscation =
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org