[sf-perl] How to get cgi program to invoke another program as a specific non-privileged user
David Alban
extasia at extasia.org
Sat May 19 11:04:13 PDT 2007
On 5/19/07, David Fetter <david at fetter.org> wrote:
> I think you might want to look into the fine-grained control that sudo
> provides. You can, for example, allow the "nobody" user to execute
> exactly one command without password authentication as the "build"
> user.
Oh yeah, I forgot to say that sudo is the *first* thing I tried. :-)
I added a line in /etc/sudoers that allowed apache (who owns our
httpd processes) to run the build too. Didn't work. I figured there
was a problem when from root I tried to su to apache to run the sudo
manually and su said something like user apache (who owns our httpd
processes) was unavailable. Probably doesn't have a shell. I didn't
look.
Or perhaps my lack of apache knowledge is at work here. Even though
user apache shows up in the process table as owning the httpd
processes, should I still try sudo for user 'nobody'? I can try that
on Monday.
> Yeah, I know it's not the perliest thing to do, but perl isn't the
> right tool for *every* job :)
TMTOTTDI? (more than one *tool*... :-)
--
Live in a world of your own, but always welcome visitors.
More information about the SanFrancisco-pm
mailing list