
Re: [edlug] Custom Firewall Systems



On Sun, 02-05-2004 at 22:40, Craig Perry wrote:
> Hey All :)
> 
> The smoothwall/IPcop threads have stirred an interest of mine here. Last 
> year I built a machine for my old man to put up his loft and act as a 
> file server and router/firewall to share a dialup connection over WiFi 
> between my laptop, his laptop and my sister's machine. I needed a system 
> that would allow all this and have an easy to use front end that allowed 
> authentication, establishing the dialup connection and disconnecting 
> when finished and also wee extras like downloading mail and scheduling 
> of downloads during the night. I couldn't find anything at the time so I 
> built my own. Just basic Slackware install / custom PHP front end.
> 
> My question is this: is there a right (i.e. safe) way to call 
> scripts/programs/read files etc. scattered around the system (some 
> programs would need to be run as root) from php when running as user 
> apache? I know smoothwall etc. must do it somehow to be able to 
> function, just not had time to dissect a smoothwall system yet.

sudo may prove interesting:

$ apt-cache show sudo
Description: Provide limited super user privileges to specific users
 Sudo is a program designed to allow a sysadmin to give limited root
 privileges to users and log root activity.  The basic philosophy is
 to give as few privileges as possible but still allow people to get
 their work done.

$ cat /etc/sudoers
kyle    ALL = NOPASSWD: /etc/init.d/postfix

(in this case, I wanted to be able to restart the postfix service as
non-root)

Of course, your scripts shouldn't be world-writable or apache-writable,
as they become a root shell ;-)




-- 
Backup not found: (A)bort, (R)etry, (S)uicide?
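
Added example, not part of the original message: a POSIX sh check for the caveat above, confirming that a script named in a NOPASSWD sudoers rule, and every directory above it, can only be modified by root. The function name `audit_sudo_target`, its optional trusted-uid and stop-directory arguments, and the path in the usage comment are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example. Usage: audit_sudo_target /abs/path [trusted_uid] [stop_dir]
#   e.g. audit_sudo_target /usr/local/sbin/redial    (hypothetical script path)
# Prints one line per finding. Returns 0 if clean, 1 on findings, 2 on bad input.
# trusted_uid: an extra owner besides root to accept (default: root only).
# stop_dir:    where to stop walking upward (default /), e.g. a chroot root.
audit_sudo_target() {
    p=$1; trusted=${2:-0}; stop=${3:-/}; findings=0
    case $p in
        /*) ;;
        *) echo "not an absolute path: $p"; return 2 ;;
    esac
    [ -e "$p" ] || { echo "no such file: $p"; return 2; }
    while :; do
        # ls -ldn: field 1 is the mode string, field 3 the numeric owner
        info=$(ls -ldn "$p" | awk 'NR == 1 { print $1, $3 }')
        mode=${info% *}; uid=${info#* }
        # Whoever owns a path component can chmod it and then rewrite it
        if [ "$uid" != 0 ] && [ "$uid" != "$trusted" ]; then
            echo "$p: owned by uid $uid"
            findings=$((findings + 1))
        fi
        case $mode in
            # Symlink mode bits are not enforced; a sticky directory (such
            # as /tmp) only lets the owner rename or delete an entry.
            l*|d????????[tT]*) ;;
            # Character 6 is group write, character 9 is other write
            ?????w*|????????w*)
                echo "$p: group- or world-writable ($mode)"
                findings=$((findings + 1)) ;;
        esac
        if [ "$p" = "$stop" ] || [ "$p" = / ]; then break; fi
        # A writable parent directory lets the script be swapped out,
        # so every ancestor gets the same check.
        p=$(dirname "$p")
    done
    [ "$findings" -eq 0 ]
}

# Run directly: sh audit.sh /etc/init.d/postfix
if [ "$#" -gt 0 ]; then audit_sudo_target "$@"; fi
```

Any finding means an account other than root can change what the sudoers rule ends up executing, either by editing the script or by replacing a directory entry on the way to it.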
