[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: help with web security

hi shao

from the autoated cgi scripts...
you can easily add new users to .htpasswd files to
allow them to access web stuff...

allowing users to add themself to your "main system"
and update dns, qmail and other stuff is giving the
hacker (indirectly) complete control of your machine...

- dont do it.....spend the time to find another way
  to admin your box....should be no more than 1-2hr per week
  for a typical server ... after it is built properly...
c ya

On Wed, 7 Jun 2000, Shao Zhang wrote:

> Hi,
> 	I am setting up an automated registration system where the cgi
> 	scripts need to do the following:
> 	1. add a new user to the system and write to passwd files
> 	2. update dns, restart named
> 	3. update httpd.conf, restart httpd
> 	4. update qmail conf, restart qmail-{..}
> 	5. many more...
> 	Now, to do all of this, surely I need root access. However,
> 	there is no way I can configure apache to run as root, and
> 	suEXEC won't help me much because it affectively runs that
> 	virtual webserver as root.
> 	So how do I achieve this while still enforce good security?
> 	One idea that I have is, let apache(cgi scripts) to write to a
> 	file with all the necessary information, and then have crontab
> 	to run the program as root to read this info and do all the update...
> 	Thanks for any help in advance.

Reply to: