[olug] Perl CGI Priveledge elevation
Jay Hannah
jay at jays.net
Tue Sep 2 20:44:14 UTC 2003
On Tue, 2 Sep 2003, Daniel G. Linder wrote:
> Brandon Lederer [mailto:blederer at cashflowbilling.com] wrote:
> > i cant execute su <user> -c <command> and provide the
> > password for that user, to my knowledge. Help Anyone?
>
> How about setting up "sudo" and configure it so that the "<user>" can
> only execute a small set of explictly defined commands. This can be set
> up without any passwords required if you need it to be.
I, too, would strongly recommend sudo. SetUID/GID bits under Perl / Apache
gets pretty ugly, if you can get it working at all (I couldn't on Linux).
After a brief learning curve on how sudo works I've very, very glad to
have it in my bag of tricks. It's way flexible than the bits ever could
be, and not too painful to learn and get working.
j
Omaha Perl Mongers: http://omaha.pm.org
More information about the OLUG
mailing list