
From: The Natural Philosopher <tnp@invalid.invalid>
Newsgroups: comp.os.linux.misc,comp.sys.raspberry-pi
Subject: Re: Simple way for web to execute root shell script.
Date: Fri, 23 May 2025 17:53:21 +0100
Organization: A little, after lunch
Lines: 43
Message-ID: <100q961$62mq$1@dont-email.me>
References: <100pphq$2taj$2@dont-email.me> <100pvgp$40ea$1@dont-email.me>
 <100q2mm$4q0p$2@dont-email.me> <100q3v7$inu3$1@news1.tnib.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Fri, 23 May 2025 18:53:24 +0200 (CEST)
User-Agent: Mozilla Thunderbird
Content-Language: en-GB
In-Reply-To: <100q3v7$inu3$1@news1.tnib.de>
Bytes: 2564

On 23/05/2025 16:24, Marc Haber wrote:
> The Natural Philosopher <tnp@invalid.invalid> wrote:
>> On 23/05/2025 15:08, Lew Pitcher wrote:
>>> On Fri, 23 May 2025 13:26:34 +0100, The Natural Philosopher wrote:
>>>
>>>> I have a shell script that monitors hardware stuff - it needs to run as
>>>> root and be called by Apache as user www.
>>>
>>> As you probably already know, the system won't run shell scripts as setuid,
>>> even if the setuid bit is set. So, the direct route is out.
>>>
>>>>
>>>>     Bookworm linux on a Pi4.
>>>>
>>>> It's all inside a domestic firewall so security is not a huge issue.
>>>> What is the quickest and simplest solution to this?
>>>
>>> My gut reaction would be to have the webserver use sudo(1) (with suitable
>>> limitations set in the /etc/sudoers file) to run the script via a system(3)
>>> call.
>>>
>> can't one execute it direct from apache?
> 
> If it's a shell script then it won't run as root even if it is suid
> root.
> 
> I'd go the sudo way, but I'm not neutral about that¹.
> 
I did in fact go that way...
After stumbling through the usual mess of 'it worked perfectly well 
before so let's change the way we do it' crap with apache2 versus 2.4..


> Greetings
> Marc
> 
> ¹ I maintain sudo in Debian

-- 
“Puritanism: The haunting fear that someone, somewhere, may be happy.”

H.L. Mencken, A Mencken Chrestomathy
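
The sudo route discussed in this thread, as an added example that is not part of any poster's message: a single-command sudoers rule plus a check that the script the web server may run as root cannot be modified by anyone else. The script path `/usr/local/sbin/hwmon.sh` and the `www-data` account (Debian's Apache user) are assumptions, as are the function names.

```shell
#!/bin/sh
# Added example. Assumed names: www-data, /usr/local/sbin/hwmon.sh.

# Emit a sudoers rule letting USER run exactly SCRIPT as root.
# NOPASSWD: the web server cannot answer a password prompt.
# The trailing "" forbids any command-line arguments.
sudoers_rule() {
    printf '%s ALL=(root) NOPASSWD: %s ""\n' "$1" "$2"
}

# Succeed only if PATH exists, is not a symlink, is owned by
# OWNER_UID (default 0 = root) and is not group- or world-writable.
path_is_locked_down() {
    path=$1 owner=${2:-0}
    [ -e "$path" ] && [ ! -L "$path" ] || return 1
    [ -n "$(find "$path" -prune -user "$owner")" ] || return 1
    [ -z "$(find "$path" -prune \( -perm -020 -o -perm -002 \))" ] || return 1
}

# The rule is only as tight as the file it names: if the web user
# can rewrite the script, or replace it via a writable directory,
# the rule grants that user arbitrary root. Check both.
script_is_safe() {
    path_is_locked_down "$1" "${2:-0}" &&
    path_is_locked_down "$(dirname "$1")" "${2:-0}"
}

# Print the rule for the assumed names. The CGI side would then
# call:  sudo -n /usr/local/sbin/hwmon.sh
# (-n makes sudo fail instead of prompting if the rule is missing).
sudoers_rule www-data /usr/local/sbin/hwmon.sh
```

Write the printed rule to a file under `/etc/sudoers.d/` and validate it with `visudo -cf <file>` before relying on it.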