Sujet : Re: Simple way for web to execute root shell script.
De : tnp (at) *nospam* invalid.invalid (The Natural Philosopher)
Groupes : comp.os.linux.misc comp.sys.raspberry-piDate : 23. May 2025, 16:05:22
Autres entêtes
Organisation : A little, after lunch
Message-ID : <100q2ri$4q0p$4@dont-email.me>
References : 1 2
User-Agent : Mozilla Thunderbird
On 23/05/2025 15:14, John-Paul Stewart wrote:
On 2025-05-23 8:26 a.m., The Natural Philosopher wrote:
I have a shell script that monitors hardware stuff - it needs to run as
root and be called by Apache as user www.
>
Bookworm linux on a Pi4.
>
Its all inside a domestic firewall so security is not a huge issue.
What is the quickest and simplest solution to this?
Use sudo to call the script. First, drop a file into /etc/sudoers.d/
containing something like the following (untested):
www ALL = (root) NOPASSWD: /path/to/script
That should allow Apache running as www to call 'sudo /path/script' to
run 'script' as root with no password needed. But at the same time, the
www user won't be able to run anything else as root (nor any other user).
That is actually perfectly fine. I like that it nails everything down to one perfectly useless script to hacker.
Now to solve the nightmare of apache site config to allow it to execute that directly...
-- “when things get difficult you just have to lie”― Jean Claud Jüncker
Simple way for web to execute root shell script.
Re: Simple way for web to execute root shell script.