Running CGI as root
Benjamin Minshall
bminsh@mudbucket.goeke.net
Wed, 29 Mar 2000 15:28:38 -0500 (EST)
You wrote:
> From: Ben Pfaff <pfaffben@msu.edu>
> To: Benjamin Minshall <bminsh@mudbucket.goeke.net>
> Cc: linux-user@egr.msu.edu
> Date: 29 Mar 2000 12:36:56 -0500
> Subject: Re: Running CGI as root
>
>
> Benjamin Minshall <bminsh@mudbucket.goeke.net> writes:
>
> > I have written a simple CGI script that requires root permission
> > to restart some daemons remotely; however, I can't get my script
> > to run as root.
>
> What language is it written in? Shell scripts can't be setuid,
> you know.
>
It was a shell script; however, I've scratched that now.
How about Perl?
> > The web server is running as nobody and the script permissions
> > are -rws--x--x.
>
> Do you realize that that's quite possibly a big fscking security
> hole? A setuid CGI should probably be executable only by the
> owner and the group of the web server (which should probably be
> used only by the web server, i.e., `www-data' or such).
Yep. Unfortunately, this server needs to be completely controlled
via a web interface, so a few scripts need to run SUID root.
>
> > Is there something special I need to do to get the script to
> > run as root?
>
>
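
An added example, not part of the original thread: a small audit of a CGI directory for the two issues raised above, setuid files that anyone can execute (such as mode `-rws--x--x`) and setuid bits on `#!` scripts, where Linux does not honour them. The names `check_cgi` and `audit_dir` and the command-line arguments are assumptions made for this illustration.

```python
import os
import stat
import sys

def check_cgi(mode, gid, head, web_gid):
    """Findings for one file, given its st_mode, st_gid and first two bytes."""
    findings = []
    if not stat.S_ISREG(mode) or not mode & stat.S_ISUID:
        return findings  # only setuid regular files are of interest
    if mode & stat.S_IXOTH:
        findings.append("world-executable: any local user runs it as the owner")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group or other: contents can be replaced")
    if gid != web_gid:
        findings.append("group is not the web server's group")
    elif not mode & stat.S_IXGRP:
        findings.append("web server's group lacks execute permission")
    if head.startswith(b"#!"):
        findings.append("#! script: Linux ignores the setuid bit on scripts")
    return findings

def audit_dir(cgi_dir, web_gid):
    """Walk cgi_dir and return {path: findings} for every flagged file."""
    results = {}
    for root, _dirs, files in os.walk(cgi_dir):
        for name in files:
            path = os.path.join(root, name)
            st = os.lstat(path)  # lstat: do not follow symlinks
            if not stat.S_ISREG(st.st_mode):
                continue
            try:
                with open(path, "rb") as fh:
                    head = fh.read(2)
            except OSError:
                head = b""  # execute-only files are unreadable to the auditor
            findings = check_cgi(st.st_mode, st.st_gid, head, web_gid)
            if findings:
                results[path] = findings
    return results

if __name__ == "__main__":
    import grp
    # usage: audit.py <cgi-dir> <web-server-group>, e.g. www-data
    group_id = grp.getgrnam(sys.argv[2]).gr_gid
    for path, findings in sorted(audit_dir(sys.argv[1], group_id).items()):
        for finding in findings:
            print(f"{path}: {finding}")
```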