Re: su to user in a cgi script

What about using sudo? you can then use something like this:


if ($action eq 'Click to Send'){

exec("/path/to/sudo","-u",$user,"/path/to/predetermined/command");

}
[download]

This will run the predetermined command as the supplied username. You most defenitly want to use taint here, and probably find a way to do things differently, so that you won't have to mess with the permissions at all.

-- Dan

Comment on Re: su to user in a cgi script Download Code

Replies are listed 'Best First'.
Re: Re: su to user in a cgi script by Silicon Cactus (Scribe) on Sep 20, 2002 at 17:21 UTC
Don't forget the scariness of passing your passwords plaintext across the wire. <shivers>	[reply]
Re: Re: Re: su to user in a cgi script by virtualsue (Vicar) on Sep 20, 2002 at 18:04 UTC
Agreed! The only way to avoid that would be to set up a elaborate sudoers file which will permit the web user nobody/wwwrun to run a set number of commands as a particular userid w/o a password. Just don't do it. It's a bad idea. If you have a particular task in mind, there is probably a different, more secure way to go about it.	[reply]