[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Apache graceful as non-root

on Tue, Jan 09, 2001 at 09:38:59AM +0100, Sven Burgener (sburgener@objeng.ch) wrote:
> Hello Nate
> [yes, do CC: me]
> Nate Amsden wrote:
> > 
> > Sven Burgener wrote:
> > >
> > > Is there a way to do "apachectl graceful" as non-root user? Because when
> > > I do, I get an error about denied permission for binding to port 80.
> > 
> > you could i bet if you made apachectl setuid root but if security is
> > an issue i wouldn't reccomend it. to do this do chmod u+s apachectl
> Tried it. Doesn't work; Linux seems to silently drop suid root privilges
> on shell scripts.

Not seems to.  Does.  Security hole.

> > or you could configure sudo (haven't really messed with sudo can't
> > help ya there ..)
> Still requires you to enter the user's password though, right? I don't
> want to be putting that in the shell script that's callling "apachectl
> graceful".

You can update (or set) the sudo timestamp with:

    $ sudo -v

...which *will* prompt for a password if required.  Subsequent 'sudo'
commands within the timeout period won't require a password.  I use this
in certain shell scripts.

You can also require that the script be called with sudo.  Sudo is not
then a part of the shell script, but an invocation method.

It's possible to bypass the password entirely, but this isn't 
recommended.  Finding the method is left as an exercise to the reader.

Karsten M. Self <kmself@ix.netcom.com>    http://kmself.home.netcom.com/
  What part of "Gestalt" don't you understand?      There is no K5 cabal
   http://gestalt-system.sourceforge.net/        http://www.kuro5hin.org

Attachment: pgpZD6CoZURwP.pgp
Description: PGP signature

Reply to: