comment on

Sudo can do this sort of thing for you. It's an executable so you'd need to use system or backticks to run it.

You'd need to split your logic so that the user interface is handled by the CGI script and updating the config file is handled by another script ('Script-B'). Then you'd configure the sudoers file to allow the anonymous web user (typically 'apache' or 'nobody') to run Script-B under another the user's real user id (with no password prompt and no lecture). Details of the required change would be passed to Script-B via the command line or STDIN. This assumes you've authenticated the user somehow before you proceed with the update.

Sudo itself is a setuid-root program but I believe it is well audited code - it's certainly widely used and has been for years.

In reply to Re: pprivilege elevation by grantm
in thread Privilege elevation by Uruk

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.