httpd-users mailing list archives

From "Jacob Coby" <jc...@listingbook.com>
Subject Re: [users@httpd] suexec virtualhost: change user directive with authentification module??
Date Thu, 05 Sep 2002 15:20:17 GMT
There are a number of better ways to do what you need, including (but not
limited to):

1) running a cron job every hour that gathers the quotas for a user and
dumps them to a database -- whether a real database or a text-based Berkeley
DB or a CSV text file
2) running a cron job every hour that dumps the user's quota stats in their
home directory
3) if you absolutely, positively have to get the quotas for a user with up to
the ms accuracy, write a script that only executes the quota gathering, and
does proper security checks.  You can then SuEXEC this script as root, and
have it gather info on other people.  If you don't know what the "|>;" and
other characters do on a command line, I would recommend that you NOT do
this.  There are serious security implications here.  Find someone who
knows what they are, and have them write a script for you and show you how
to call it.

You really, really don't want to execute programs on your server as a
privileged user (and any user with a shell and access to binaries is a
privileged user IMO).

> tchesmeli serge wrote:
>
> >>You can write your own suid launcher to do that if you want, but be
> >>careful.
> >
> >
> > Do you know if that already exists?
>
> Not that I know of.  And I wouldn't trust such a program that I just
> came across on the Internet.  The only way I would even consider doing
> something like this is if I hard-coded a bunch of restrictions into the
> code (like allowing to run only that one program at a pre-defined path
> and allowing only a small set of pre-defined userids).  And even then,
> it would still be very dangerous.



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
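
An added example, not part of the original message or of any Apache code: a sketch of the kind of fixed-purpose launcher discussed above, which runs one program at a hard-coded path for a hard-coded set of users and never passes input through a shell. The path `/usr/bin/quota`, the user names, and the program name `quotawrap` are assumptions chosen for illustration.

```c
/* Added example: fixed-purpose quota launcher (not from the original thread). */
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Assumptions: the quota(1) path and the permitted accounts are placeholders. */
#define QUOTA_BIN "/usr/bin/quota"
static const char *const ALLOWED_USERS[] = { "alice", "bob", NULL };

/* Accept only [a-z_][a-z0-9_-]{0,31}: no shell metacharacters, no leading '-'. */
int valid_username(const char *s)
{
    size_t i, n;
    if (s == NULL) return 0;
    n = strlen(s);
    if (n == 0 || n > 32) return 0;
    if (!((s[0] >= 'a' && s[0] <= 'z') || s[0] == '_')) return 0;
    for (i = 1; i < n; i++) {
        char c = s[i];
        if (!((c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '_' || c == '-'))
            return 0;
    }
    return 1;
}

/* The name must pass the syntax check AND be on the hard-coded list. */
int is_allowed_user(const char *s)
{
    size_t i;
    if (!valid_username(s)) return 0;
    for (i = 0; ALLOWED_USERS[i] != NULL; i++)
        if (strcmp(s, ALLOWED_USERS[i]) == 0) return 1;
    return 0;
}

int main(int argc, char **argv)
{
    /* Fixed, minimal environment: nothing is inherited from the caller. */
    char *const envp[] = { "PATH=/usr/bin:/bin", "LC_ALL=C", NULL };
    if (argc != 2 || !is_allowed_user(argv[1])) {
        fputs("usage: quotawrap <allowed-user>\n", stderr);
        return 2;
    }
    /* No shell: argv goes straight to execve, so "|>;" are never interpreted. */
    char *const args[] = { "quota", "-u", argv[1], NULL };
    execve(QUOTA_BIN, args, envp);
    perror("execve");
    return 127;
}
```

The allowlist and the syntax check are deliberately redundant, so that a mistake in one is still caught by the other.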

