[sf-perl] How to get cgi program to invoke another program as a specific non-privileged user

David Alban extasia at extasia.org
Sat May 19 11:04:13 PDT 2007


On 5/19/07, David Fetter <david at fetter.org> wrote:
> I think you might want to look into the fine-grained control that sudo
> provides.  You can, for example, allow the "nobody" user to execute
> exactly one command without password authentication as the "build"
> user.

Oh yeah, I forgot to say that sudo is the *first* thing I tried. :-)

I added a line in /etc/sudoers that allowed apache (who owns our
httpd processes) to run the build too.  Didn't work.  I figured there
was a problem when from root I tried to su to apache to run the sudo
manually and su said something like user apache (who owns our httpd
processes) was unavailable.  Probably doesn't have a shell.  I didn't
look.

Or perhaps my lack of apache knowledge is at work here.  Even though
user apache shows up in the process table as owning the httpd
processes, should I still try sudo for user 'nobody'?  I can try that
on Monday.

> Yeah, I know it's not the perliest thing to do, but perl isn't the
> right tool for *every* job :)

TMTOTTDI?  (more than one *tool*...  :-)

-- 
Live in a world of your own, but always welcome visitors.
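
The sudo arrangement suggested in the quoted reply, shown as an added example that is not part of the original message: a sudoers rule that lets the web server account run exactly one command as "build" with no password, and a CGI script that calls it without going through a shell. The path /usr/local/bin/run-build, the sudoers file name, and the choice of apache as the calling account are assumptions for illustration.

```perl
#!/usr/bin/perl
# Assumed sudoers entry (install with: visudo -f /etc/sudoers.d/build-cgi):
#   apache ALL=(build) NOPASSWD: /usr/local/bin/run-build ""
#   Defaults:apache !requiretty   # only needed if requiretty is set on the host
# The trailing "" means the command may be run with no arguments only.
# /usr/local/bin/run-build is a hypothetical wrapper owned and writable by root only.
use strict;
use warnings;

$| = 1;    # flush the header before forking

# Fixed argument list: nothing from the HTTP request reaches the command line.
# -n makes sudo fail immediately instead of prompting if the rule does not match.
my @cmd = ('/usr/bin/sudo', '-n', '-u', 'build', '/usr/local/bin/run-build');

# Give the child a known environment rather than whatever the web server passed in.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

print "Content-Type: text/plain\r\n\r\n";

# Fork with a pipe from the child's stdout; list-form exec bypasses /bin/sh entirely.
my $pid = open(my $out, '-|');
die "fork failed: $!" unless defined $pid;
if ($pid == 0) {
    open(STDERR, '>&', \*STDOUT) or exit 127;   # show sudo's own errors too
    exec { $cmd[0] } @cmd or exit 127;
}

my @lines = <$out>;
close($out);                 # waits for the child and sets $?
my $status = $? >> 8;

print @lines;
print "build exited with status $status\n";
```

Because stderr is merged into the output, a sudo refusal (no matching rule, or a tty requirement) shows up in the response rather than only in the web server's error log.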

