httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eugene Geldenhuys" <euge...@tfx.com.au>
Subject Re: [users@httpd] CGI under Apache 2.0.40 - Won't someone please help me?
Date Sat, 16 Aug 2003 02:31:08 GMT
Thank you, thank you, thank you

I was beginning to lose it a little
For anyone else who has encountered this problem, simply edit the 
sudo file with visudo, add in a line:

apache		ALL=<list of progs to run>	NOPASSWD: ALL

You can also tie it down to a particular host:

apache		hostaddr=<list of progs>	NOPASSWD: ALL

If you want the group apache to execute commands:

%apache	ALL=<list of progs to run>	NOPASSWD: ALL

Again, thank you

On 15 Aug 2003 at 21:23, Joshua Slive wrote:

> 
> On Sat, 16 Aug 2003, Eugene Geldenhuys wrote:
> > So the question remains, how do I execute system binaries from
> > within a cgi script?
> 
> I think what you are missing is that this has really nothing at all to
> do with cgi scripts and everything to do with user permissions.  A cgi
> script can only do what the executing user has permission to do.  The
> executing user differs depending on whether suexec is used or not. 
> But in general, since the executing user will not be root, you won't
> be able to do system tasks that require root access.
> 
> One way to verify this: find the user that the cgi script will be
> running under (User/Group or SuexecUserGroup depending on whether
> suexec is in use) and "su" to that user.  (eg. su apache.)  Then try
> to run whatever script you want the cgi script to run.  If you can't
> do it that way, then the cgi script will never be able to do it.
> 
> People who want to elevate priveleges on a limited basis often use a
> program called sudo.  It is most likely included with Redhat, so you
> can look at the man page to see how it works.
> 
> Joshua.
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project. See <URL:http://httpd.apache.org/userslist.html> for more
> info. To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org For
> additional commands, e-mail: users-help@httpd.apache.org
> 

Best Regards
Eugene Geldenhuys
MCNE ECNE MCSE MCP

TFX SOLUTIONS -
PROFESSIONAL NETWORK DESIGN ,IMPLEMENTATION AND 
SUPPORT


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message