On Sat, 9 Feb 2008, j.chitte wrote:
> hi,
>
> I am setting up a simple web interface to control some IO on a 7250.
>
> The IO control is loosely based on adc_logger ( thanks Jim ;) )
> though it has evolved a long way from that now.
>
> I have commands and various args working as I require from a root
> command line but calling them from apache fails since apache does not
> have access to access the IO memory.
make the program setuid root
chown root adc_logger
chmod 755 adc_logger
chmod +s adc_logger
(I can never remember how to set the permissions in one go)
Then it will be able to do the business - even as "nobody" running from
apache.
> This is all as it should be but I would like some suggestions on a
> safe way to get this senario to work.
make sure your program can do nothing dangerous, or drop the root euid
after you've done everything you need as root.
> I would eventually like to be able to access this facility from
> outside (via a password protected page) so I would like a reasonably
> secure strategy.
>
> Thanks for any advice.
>
> /js/
>
>
>
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/ts-7000/
<*> Your email settings:
Individual Email | Traditional
<*> To change settings online go to:
http://groups.yahoo.com/group/ts-7000/join
(Yahoo! ID required)
<*> To change settings via email:
<*> To unsubscribe from this group, send an email to:
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
|