Sujet : Re: Simple way for web to execute root shell script.
De : tnp (at) *nospam* invalid.invalid (The Natural Philosopher)
Groupes : comp.os.linux.misc comp.sys.raspberry-piDate : 23. May 2025, 16:02:46
Autres entêtes
Organisation : A little, after lunch
Message-ID : <100q2mm$4q0p$2@dont-email.me>
References : 1 2
User-Agent : Mozilla Thunderbird
On 23/05/2025 15:08, Lew Pitcher wrote:
On Fri, 23 May 2025 13:26:34 +0100, The Natural Philosopher wrote:
I have a shell script that monitors hardware stuff - it needs to run as
root and be called by Apache as user www.
As you probably already know, the system won't run shell scripts as setuid,
even if the setuid bit is set. So, the direct route is out.
>
Bookworm linux on a Pi4.
>
Its all inside a domestic firewall so security is not a huge issue.
What is the quickest and simplest solution to this?
My gut reaction would be to have the webserver use sudo(1) (with suitable
limitations set in the /etc/sudoers file) to run the script via a system(3)
call.
cant one execute it direct from apache?
This is how I was thinking of doing it
If you mistrust sudo(1), then you /could/ write a simple setuid wrapper program
that executes the script after making some rudimentary userid checks
(ruid == www, euid == root, etc. (perhaps check that session leader is apache?))
Thats how I have done it in the past.
HTH
-- How fortunate for governments that the people they administer don't think.Adolf Hitler
Simple way for web to execute root shell script.
Re: Simple way for web to execute root shell script.