[olug] Perl CGI Priveledge elevation

Jay Hannah jay at jays.net
Tue Sep 2 20:44:14 UTC 2003


On Tue, 2 Sep 2003, Daniel G. Linder wrote:
> Brandon Lederer [mailto:blederer at cashflowbilling.com] wrote:
> > i cant execute su <user> -c <command> and provide the
> > password for that user, to my knowledge.  Help Anyone?
>
> How about setting up "sudo" and configure it so that the "<user>" can
> only execute a small set of explictly defined commands.  This can be set
> up without any passwords required if you need it to be.

I, too, would strongly recommend sudo. SetUID/GID bits under Perl / Apache
gets pretty ugly, if you can get it working at all (I couldn't on Linux).

After a brief learning curve on how sudo works I've very, very glad to
have it in my bag of tricks. It's way flexible than the bits ever could
be, and not too painful to learn and get working.

j
Omaha Perl Mongers: http://omaha.pm.org






More information about the OLUG mailing list