Re: [Haserl-users] help request
Brought to you by:
nangel
Menu
▾
▴
Re: [Haserl-users] help request
|
From: Scott S. <ha...@my...> - 2014-03-06 18:42:29
|
You can also create a wrapper for haserl to call that provides the desired functions, and then configure sudo to allow the web user to execute that one script. You can even control the options accepted with sudo. This is flexible and easy to maintain, and you can move additional logic out into the wrapper. Again, not the best security in a wide open system, but in a closed environment it works acceptably well. I have one site going on 6 years and no breaks. On Thu, Mar 6, 2014 at 12:04 PM, Daniel Griscom <gr...@su...>wrote: > I doubt your web server executes scripts with the permissions > necessary to run sudo without a password (I certainly hope not). > > In any case, I'd put in some test echo statements that give the ID of > the process when the script is executed, and perhaps echoed the > return value of the sudo (i.e. did it fail?). > > You might want to make an external script (kept OUTSIDE of the web > tree) that is SUID root and does what you need it to. Then have this > script execute the SUID one. Even that's a bit iffy in the security > department, though. > > > Dan > > > At 6:51 PM +0100 3/6/14, Angelo Dureghello wrote: > >Dear, > > > >i am working on an embedded linux, arm based board, and using very > >nice haserl tool. > > > >I am trying to issue a "kill -9" from a .cgi passed to haser_wrapper. > > > >this is the script of the "test.cgi" : > > > ><% . /usr/local/lib/cgi/generic.sh; print_http_hdr %> > ><% > > echo test kill > > > > sudo /usr/kill -9 1593 > >%> > > > > > >If i work on console and pass the file to haserl_wrapper, it works, > >the process is killed properly. > >From web (using actually lighttpd), echo is redirected as web output > >and kill doesn't work. > > > >Every help is really appreciated. > > > >Thanks, > >Angelo > > > > >------------------------------------------------------------------------------ > >Subversion Kills Productivity. Get off Subversion & Make the Move to > Perforce. > >With Perforce, you get hassle-free workflows. Merge that actually works. > >Faster operations. Version large binaries. Built-in WAN optimization and > the > >freedom to use Git, Perforce or both. Make the move to Perforce. > > > http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk > >_______________________________________________ > >Haserl-users mailing list > >Has...@li... > >https://lists.sourceforge.net/lists/listinfo/haserl-users > > > -- > Daniel T. Griscom gr...@su... > Suitable Systems http://www.suitable.com/ > 1 Centre Street, Suite 204 (781) 665-0053 > Wakefield, MA 01880-2400 > > > ------------------------------------------------------------------------------ > Subversion Kills Productivity. Get off Subversion & Make the Move to > Perforce. > With Perforce, you get hassle-free workflows. Merge that actually works. > Faster operations. Version large binaries. Built-in WAN optimization and > the > freedom to use Git, Perforce or both. Make the move to Perforce. > > http://pubads.g.doubleclick.net/gampad/clk?id=122218951&iu=/4140/ostg.clktrk > _______________________________________________ > Haserl-users mailing list > Has...@li... > https://lists.sourceforge.net/lists/listinfo/haserl-users > |
