How to generate script with Apache and run it by root avoiding to "kill" security

To: Debian_En <debian-user@lists.debian.org>
Subject: How to generate script with Apache and run it by root avoiding to "kill" security
From: "Guillermo Garron" <guillermo.fedora@gmail.com>
Date: Thu, 26 Jul 2007 11:18:43 -0400
Message-id: <[🔎] 865773ce0707260818t7bf8b8ffke0abb169cf0e6281@mail.gmail.com>

Hi List,

I am creating a PHP small program that will interact with MySQL and
will have the policies for the people in my office, i.e.:
Who can or can not access MSN messenger
Who can or can not access WWW

etc. once this is stored, a shell script with the iptables rules
should be created, and then run.

I do not want to run it with Apache, so I was thinking on creating a
CRON job that will run it as root once every n minutes, but the issue
i see here, is that if somebody "break" my Apache security he will be
able to create any script he likes and my CRON will run it, killing my
server security.

any better ideas about how can I achieve my goal?

thanks in advance.

best regards.

-- 
Guillermo Garron
"Linux IS user friendly... It's just selective about who its friends are."
(Using F7, CentOS5, Ubuntu 7.40, Debian Etch and Mandriva 2007 Spring)
http://www.go2linux.org

Reply to:

Follow-Ups:
- Re: How to generate script with Apache and run it by root avoiding to "kill" security
  - From: "Mumia W.." <paduille.4061.mumia.w+nospam@earthlink.net>
- Re: How to generate script with Apache and run it by root avoiding to "kill" security
  - From: Andrew Sackville-West <andrew@farwestbilliards.com>
- Re: How to generate script with Apache and run it by root avoiding to "kill" security
  - From: Michael Pobega <pobega@gmail.com>

Prev by Date: Re: Getting wake-on-lan to work in Etch
Next by Date: How Debian BTS and its tools can be improved (user poll).
Previous by thread: Debian x IBM X3500
Next by thread: Re: How to generate script with Apache and run it by root avoiding to "kill" security
Index(es):
- Date
- Thread