[Gllug] Apache access to root-owned files
Jason Clifford
jason at ukfsn.org
Thu Jan 25 16:16:40 UTC 2007
On Thu, 25 Jan 2007, Christopher Mocock wrote:
> I'm in the process of writing a Python CGI script which allows the IP
> address of a headless Linux box to be changed using a form on a web
> page. The script works fine although it's currently only writing to an
> ifcfg-eth0 file which is owned by apache.
>
> Obviously when finished, the script needs to be able to write to the
> root-owned /etc/sysconfig/network-scripts/ifcfg-eth0 file.
>
> The question is, what's the best (i.e. least insecure) way to do this?
> I'll use .htaccess to make sure authenticated users only have access to
> the CGI page, but obviously I'm concerned about the fact that something
> may have to run as root temporarily in order to write the file.
sudo calling a single command to effect the necessary change?
That way you can configure sudo to only allow that specific command to be
used with root privileges.
jason
--
UKFSN.ORG Finance Free Software while you surf the 'net
http://www.ukfsn.org/ up to 8Mb ADSL Broadband from just £14.98
http://www.linuxadsl.co.uk/ ADSL routers from just £21.98
-------------- next part --------------
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list