Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail From: Rich Newsgroups: comp.os.linux.misc,comp.sys.raspberry-pi Subject: Re: Simple way for web to execute root shell script. Date: Fri, 23 May 2025 18:44:28 -0000 (UTC) Organization: A noiseless patient Spider Lines: 22 Message-ID: <100qfmc$78ks$3@dont-email.me> References: <100pphq$2taj$2@dont-email.me> Injection-Date: Fri, 23 May 2025 20:44:29 +0200 (CEST) Injection-Info: dont-email.me; posting-host="ca7f9289c29ceeebac12721371400e4f"; logging-data="238236"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+JDvWZ8bPmAlmK1Z0tErx9" User-Agent: tin/2.6.1-20211226 ("Convalmore") (Linux/5.15.139 (x86_64)) Cancel-Lock: sha1:aHyXJQruas3B7T8Qk+vRY0e7PCQ= Bytes: 1980 In comp.os.linux.misc The Natural Philosopher wrote: > I have a shell script that monitors hardware stuff - it needs to run > as root and be called by Apache as user www. > > Bookworm linux on a Pi4. > > Its all inside a domestic firewall so security is not a huge issue. > What is the quickest and simplest solution to this? You've been given lots of options already. But not this one. What "hardware stuff" is it monitoring? If it is reading files in /proc and/or /sys to obtain its "data" then another alternative would be to setup /proc and /sys to be mounted group or world readable (or to reset permissions on the necessary files via a rc.local boot script to group or world readable). That would let the script "monitor" without being root. Then you could even convert the script into a CGI script (which Apache is more than able to execute, and doing so for minimal text output involves the script outputting a handful of HTTP headers before the monitor data) and get your "monitoring data" back via Apache.