Beefy Boxes and Bandwidth Generously Provided by pair Networks
Come for the quick hacks, stay for the epiphanies.
 
PerlMonks  

Apache, Catalyst and executing commands that need root permission

by ghenry (Vicar)
on Apr 25, 2006 at 09:33 UTC ( [id://545510]=perlquestion: print w/replies, xml ) Need Help??

ghenry has asked for the wisdom of the Perl Monks concerning the following question:

Dear All,

I know lots of you will have needed to do something similar, but what would you advise on the best way to execute commands that need root access?

I only need to be able to create a home directory and run one other command.

Use sudo?

This is for http://sosa.sourceforge.net

Thanks,
Gavin.

Walking the road to enlightenment... I found a penguin and a camel on the way.....
Fancy a yourname@perl.me.uk? Just ask!!!

Replies are listed 'Best First'.
Re: Apache, Catalyst and executing commands that need root permission
by davorg (Chancellor) on Apr 25, 2006 at 09:51 UTC

    I always use sudo. I like it because:

    1. You can give people access to individual commands
    2. You don't need to give them the root password
    3. There's an audit trail
    --
    <http://dave.org.uk>

    "The first rule of Perl club is you do not talk about Perl club."
    -- Chip Salzenberg

Re: Apache, Catalyst and executing commands that need root permission
by castaway (Parson) on Apr 25, 2006 at 09:53 UTC
    Ick ;)

    Write them in a db/some storage somewhere, and have a cronjob come along and do ? (Parsing the contents carefully of course)

    C.

      This is my normal procedure -- although some people don't like the delay (even checking the files every 5 minutes or so), there are other considerations -- for instance, this allows you to replay the files, should something go wrong. I've also used it to keep the account creation on a different machine, and then polled for new files. For some tasks, this might be overkill, though. sudo, when used correctly (ie, only given a specific command allowed), can be very secure, and you don't have to worry about making sure that the cronjobs all ran cleanly (which I mentioned recently in Re: Accessing cron job output from a web page?). You get an immediate error message when something goes wrong when you're using sudo.

      What I don't like about sudo is that I have to give permission to the entire webserver. You can mitigate some of this with suEXEC or CGIWrap.

      Oh -- and I don't know what the other command is -- but for the directory creation, you might be able to set the permissions so the webserver user (or wrapped user) can write to the given directory ... I assume the other command is setting the permissions on the directory, If you do end up changing the permissions, and it's ufs, you can set the sticky bit to keep the webserver user from deleting the directories.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://545510]
Approved by Corion
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others lurking in the Monastery: (5)
As of 2024-03-28 17:31 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found