httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joshua Slive" <jos...@slive.ca>
Subject Re: [users@httpd] suicidal suexec question.
Date Tue, 29 Aug 2006 15:50:47 GMT
On 8/29/06, Gary W. Smith <gary@primeexalia.com> wrote:
>
>
> I've been assigned to create a port listener to do some administrative
> tasks on some of our local servers.  We have a web console application
> that basically writes some data to a file and a cronjob picks it up.
> That doesn't seem to be fast enough for what we need.  So it has been
> deemed that we need to write an application that will listened for
> requests from our apache pages.  Many these tasks need to be executed as
> root.
>
> Our ideas include running ssh on the local loopback with pub/priv key.
> This can have some drawbacks as some commands are chained.  Instead of
> writing a special port listener to do this work I was thinking that I
> could compile a second copy of apache and run it on a different local
> port (ex. 127.0.0.1:9000) and run the apps there under suexec privileges
> for root.
>
> I'm really looking for some ideas for the best approach and some
> pointers on how to implement it.

Google for sudo, which is the canonical tool for these types of
problems.  Suexec will not run stuff as root unless you hack it.

Running a separate daemon on a different port is a good idea with
sudo, since it will allow you to isolate these requests under a
different account and very-specific permissions.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message