You are viewing a plain text version of this content. The canonical link for it is here.

Posted to modperl@perl.apache.org by Michael <mi...@insulin-pumpers.org> on 2003/07/30 03:32:23 UTC

privileged execution

I have a web application for that needs to execute a privileged 
command on its host for administrative purposes. Can someone suggest a
good solution that will allow 'nobody' to execute the script command
but still keep it secure from other users on the same host.

Thanks.
Michael@Insulin-Pumpers.org

Re: privileged execution

Posted by Michael <mi...@insulin-pumpers.org>.

> Mike P. Mikhailov wrote:
> > Hello Michael,
> > 
> > Wednesday, July 30, 2003, 7:32:23 AM, you wrote:
> > 
> > M> I have a web application for that needs to execute a privileged 
> > M> command on its host for administrative purposes. Can someone suggest a
> > M> good solution that will allow 'nobody' to execute the script command
> > M> but still keep it secure from other users on the same host.
> > 
> > M> Thanks.
> > M> Michael@Insulin-Pumpers.org
> > 
> > You may start internal separate process with priveleges as required
> > for your tasks and talk with him from apache unpriveleged process to
> > do privileged job.
> 
> That and Lincoln Stein wrote a tpj article: "Safely Empowering Your CGI 
> Scripts" back in Summer 1998:
> http://www.foo.be/docs/tpj/issues/vol3_2/tpj0302-0006.html
> Of course you will probably want to use a more modern library to do the job, 
> e.g. IPC::Run.
> 

Thanks guys.

Michael
Michael@Insulin-Pumpers.org

Re: privileged execution

Posted by Stas Bekman <st...@stason.org>.

Mike P. Mikhailov wrote:
> Hello Michael,
> 
> Wednesday, July 30, 2003, 7:32:23 AM, you wrote:
> 
> M> I have a web application for that needs to execute a privileged 
> M> command on its host for administrative purposes. Can someone suggest a
> M> good solution that will allow 'nobody' to execute the script command
> M> but still keep it secure from other users on the same host.
> 
> M> Thanks.
> M> Michael@Insulin-Pumpers.org
> 
> You may start internal separate process with priveleges as required
> for your tasks and talk with him from apache unpriveleged process to
> do privileged job.

That and Lincoln Stein wrote a tpj article: "Safely Empowering Your CGI 
Scripts" back in Summer 1998:
http://www.foo.be/docs/tpj/issues/vol3_2/tpj0302-0006.html
Of course you will probably want to use a more modern library to do the job, 
e.g. IPC::Run.

__________________________________________________________________
Stas Bekman            JAm_pH ------> Just Another mod_perl Hacker
http://stason.org/     mod_perl Guide ---> http://perl.apache.org
mailto:stas@stason.org http://use.perl.org http://apacheweek.com
http://modperlbook.org http://apache.org   http://ticketmaster.com

Re: privileged execution

Posted by "Mike P. Mikhailov" <mi...@sibtel.ru>.

Hello Michael,

Wednesday, July 30, 2003, 7:32:23 AM, you wrote:

M> I have a web application for that needs to execute a privileged 
M> command on its host for administrative purposes. Can someone suggest a
M> good solution that will allow 'nobody' to execute the script command
M> but still keep it secure from other users on the same host.

M> Thanks.
M> Michael@Insulin-Pumpers.org

You may start internal separate process with priveleges as required
for your tasks and talk with him from apache unpriveleged process to
do privileged job.

-- 
WBR, Mike P. Mikhailov

mailto: mike@sibtel.ru
ICQ:    280990142

Just because something is obviously happening doesn't mean something obvious is happening.