Running CGI as root

Benjamin Minshall bminsh@mudbucket.goeke.net
Wed, 29 Mar 2000 15:28:38 -0500 (EST)


You wrote:

> From: Ben Pfaff <pfaffben@msu.edu>
> To: Benjamin Minshall <bminsh@mudbucket.goeke.net>
> Cc: linux-user@egr.msu.edu
> Date: 29 Mar 2000 12:36:56 -0500
> Subject: Re: Running CGI as root
> 
> 
> Benjamin Minshall <bminsh@mudbucket.goeke.net> writes:
> 
> > I have written a simple CGI script that requires root permission
> > to restart some daemons remotely; however, I can't get my script
> > to run as root.
> 
> What language is it written in?  Shell scripts can't be setuid,
> you know.
> 

It was a shell script; however, I've scratched that now.
How about Perl?

> > The web server is running as nobody and the script permissions
> > are -rws--x--x.
> 
> Do you realize that that's quite possibly a big fscking security
> hole?  A setuid CGI should probably be executable only by the
> owner and the group of the web server (which should probably be
> used only by the web server, i.e., `www-data' or such).

Yep.  Unfortunately, this server needs to be completly controlled
via a web interface, so a few scripts need to run SUID root.

> 
> > Is there something special I need to do to get the script to
> > run as root?
> 
>