Re: IPC Messages Redux

pileofrogs, Some slightly off-forum suggestions, which I hinted at in responding to your original question. I hope I don't sound harsh or condescending - I am neither a security expert nor cgi expert!

Seek not yet a Perl solution; but first the advice of other system administators on whether your proposal is wise.
Look to do these tasks more efficiently yourself.
If feasible, move these root procedures to a non-root account before making them accessible to others. (For example, do they pertain to an application that is root-owned simply for a privileged port, that could run as non-root on a higher port and be NAT'd?)
Enable others to execute only discrete root tasks that do one thing, like restart a specific application or tail a specific log.
Rather than cgi, have you ruled out shell-access? That would seem a minor inconvenience for the ability to pose as root; and would give you password enforcement, permissions, logging, etc.

Comment on Re: IPC Messages Redux

Replies are listed 'Best First'.
Re^2: IPC Messages Redux by pileofrogs (Priest) on Feb 02, 2009 at 18:46 UTC
A funny thing about perlmonks: I get better sysadmin advice in my perl questions (badly written though they be) here than I get asking sysadmins sysadmin questions anywhere else....	[reply]