Re: Limiting User Commands

To: debian-isp@lists.debian.org, debian-user@lists.debian.org
Subject: Re: Limiting User Commands
From: Stephen Le <zeroion@gmail.com>
Date: Fri, 5 Nov 2004 13:24:05 -0800
Message-id: <[🔎] 3f9fee5104110513244136aae4@mail.gmail.com>
Reply-to: Stephen Le <zeroion@gmail.com>
In-reply-to: <[🔎] 3082.82.199.192.18.1099677213.squirrel@82.199.192.18>
References: <[🔎] 3f9fee5104110509315629b895@mail.gmail.com> <[🔎] 3082.82.199.192.18.1099677213.squirrel@82.199.192.18>

On Fri, 5 Nov 2004 19:53:33 +0200 (EET), ea@sellinet.net
<ea@sellinet.net> wrote:
> Yes, you can make something like that: addgroup(access), then change
> groupname of commands that you want with that group (access), remember to
> remove "execute/search by others" from commands that are with
> group(access), also don't forget to add group(access) to every user that
> you want to have access to this commands.

The only thing I'm worried about with that method is whether a user
would be able to run commands that they aren't supposed to have access
to if they write a Perl script calling one of the banned commands and
getting Apache to execute that script. In other words, would the
script execute with the script owner's priviledges or with Apache's
priviledges?

Thanks,
Stephen Le

Reply to:

Follow-Ups:
- Re: Limiting User Commands
  - From: ea@sellinet.net

References:
- Limiting User Commands
  - From: Stephen Le <zeroion@gmail.com>
- Re: Limiting User Commands
  - From: ea@sellinet.net

Prev by Date: Re: apache & log files
Next by Date: Re: Limiting User Commands
Previous by thread: Re: Limiting User Commands
Next by thread: Re: Limiting User Commands
Index(es):
- Date
- Thread