Randall A Sindlinger on 13 Jan 2010 09:07:55 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Running Apache CGI scripts as root?

On Wed, Jan 13, 2010 at 11:10:18AM -0500, Mike Sheinberg wrote:
> So, I'm trying to solve an issue at my work where I need particular CGI
> scripts to have root access to a number of binaries. I have been messing
> with the sudoers file to try to grant this access to the particular binaries
> in question without requiring a password but since the 'apache' account has
> no shell (apache:x:48:48:Apache:/var/www:/sbin/nologin)  

The apache account has gid 48.  Is chgrp'ing the binaries to GID 48 w/mode
550 viable in your environment?

Or, if the binaries are already in a different group, can you add apache to
the group membership without introducing a security concern?

-Randall Sindlinger
 Systems Programmer
 CETS, School of Engineering and Applied Science
 University of Pennsylvania

Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug