Sujet : Re: Simple way for web to execute root shell script.
De : tnp (at) *nospam* invalid.invalid (The Natural Philosopher)
Groupes : comp.os.linux.misc comp.sys.raspberry-piDate : 23. May 2025, 16:06:15
Autres entêtes
Organisation : A little, after lunch
Message-ID : <100q2t7$4q0p$5@dont-email.me>
References : 1 2 3
User-Agent : Mozilla Thunderbird
On 23/05/2025 15:47, Lew Pitcher wrote:
On Fri, 23 May 2025 13:51:57 +0100, Pancho wrote:
On 5/23/25 13:26, The Natural Philosopher wrote:
I have a shell script that monitors hardware stuff - it needs to run as
root and be called by Apache as user www.
>
Bookworm linux on a Pi4.
>
Its all inside a domestic firewall so security is not a huge issue.
What is the quickest and simplest solution to this?
>
>
>
Dunno, change script ownership to root and use setuid, sudo chmod u+s.
It used to work, nowadays who knows? It did used to provide security holes.
FWIW, the Linux kernel does not honour the setuid bit when running hashbang
scripts.
So I discovered...and that is fair enough, as its a *bit* of security hole
-- “when things get difficult you just have to lie”― Jean Claud Jüncker
Simple way for web to execute root shell script.
Re: Simple way for web to execute root shell script.