I have a question about CGI scripts,
I should execute a .sh script as root and I don't want to change the owner of my CGI script for security reasons (to use suEXEC). So how can I use "su" or "sudo" commands to execute my sh script with root permissions through CGI?
I hope in you,
Bye.
Ps. Sorry for my English, I'm Italian. :)
Your message is clear, and what's more, I'd like to know the answer to this too!
I'm sure one of our expert Perl-mongers will come up with the answer soon. :)
And this post is really interesting...
Heh, depends how you want to go about it...
You can write a Perl script and use that as a CGI on your webserver to perform these tasks, but the problem is that you need to be root (or wheel/operator group will work for some OSes), and the webserver typically runs as the user "www", not root, or any of those. The solution is to create a setuid (setuid man page) bit Perl script to run as root, but I know that Apache has some safeguards against running setuid CGIs, and Perl is a little tricky on some OSes, so it won't let you run setuids, and also, your system may be running in such a way that it won't run setuid programs (it's often a mount option).
The other way I've done things in the past is to give the "www" user a real shell and home directory, and so on... This is for use with PHP, rather than CGIs. It's definitely not recommended. Once the www user has a shell and home dir, it can do many more things that it couldn't do before. For example, this is one way of getting PHP to run the "reboot" command:
click link, which brings you to "reboot.php"
reboot.php has a "passthru" or "exec" or "system" command which executes a custom-built setuid binary file in its home dir, called "shutphp.bin"
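this shutphp.bin file is basically a wrapper, that is a basic "C" file, that looks like this (includes are probably wrong, but you get the idea).
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main(void) {
    /* switch to root's uid and gid (the binary must be setuid root) */
    setuid(0);
    setgid(0);
    /* replace this process with reboot; execl only returns on failure */
    execl("/usr/sbin/reboot", "reboot", (char *)NULL);
    perror("execl");
    return 1;
}
compile that c file with gcc (gcc -o shutphp.bin shutphp.c).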
cut....cut....cut...cut...
...but I don't know C and I don't know how to do that. :(
Thanks for the help,
AngAnt.