[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Running root commands by http (END)

On Thu, 23 Aug 2001 11:09:59 -0500
" Paul C. Nendick " <pauly@enteract.com> wrote:

> The reason the web based solution to this is not forthcoming is 
> that this is not a web problem.  The real solution is to hire 
> trustworthy admins capable of learning the right way to admin
> their systems.  I'm not trying to be a bastard, but since you asked
> this question on the a security list I'm giving you the solution
> to this problem that is the most professional and secure.
> Take the time you would have invested in programming this tool and simply
> document how to do these tasks with the tools already provided.  Take
> the money you will save in doing this and buy some O'Reilly books for
> your team.  
> Smart admins with an understanding of how systems really work will
> always be more valuable than untrusted admins with "idiot proof" tools.

Thanks, but if the sysadmin don't have many time to learn, I thinks it's better for him to give him a "user frendly" frontend which allow only what he needs. Like this, he can't do some errors by running some unknown commands which can lose him in the files tree or in a big stdout.

Of course it makes me more time to do it, but he will save time and as he payed me for doing this...

Well I thinks it's a very long discussion and with may issues ... and I got some problems to say it in English...

So in this case I decided to make a php frontend (with auth and https) witch run a few commands as exactly as possible, and puted them into sudoers with many controls...

I expect it will be enough.

Thanks to all for contributions on this question.


Easter-eggs                                Spécialiste GNU/Linux
44-46 rue de l'Ouest  -  75014 Paris   -   France -  Métro Gaité
Phone: +33 (0) 1 43 35 00 37    -     Fax: +33 (0) 1 41 35 00 76
mailto:elacour@easter-eggs.com   -    http://www.easter-eggs.com

Attachment: pgpNsuwR8pvKn.pgp
Description: PGP signature

Reply to: