我必须开发一个用CGI编写的网站。
我想知道如何使用CGI的根权限运行脚本。
假设脚本名称为hello,我从类似CGI的系统(“pathToTheFile/hello”)运行它。
现在我想以root身份运行这个hello文件;有人能帮我吗?
通常,做这种事情最安全的方法是使用类UNIX操作系统的<em>setuid</em>功能。如果将hello程序的所有者设置为root,然后设置setuid位:
chmod u+s hello
然后,无论是谁执行程序,它都将以root身份执行。这适用于本机可执行文件,但不适用于解释的脚本。如果“你好”必须是一个脚本,那么这对你来说是行不通的。
现在,我不得不说,一般来说,setuid根程序不是一个好主意。通常,您可以创建一个特殊的用户来拥有该脚本,并赋予该用户一些所需的有限权限,然后使该脚本成为该用户的setuid。
从网页上以root身份执行操作的一种更安全的方法是断开程序执行与网页的连接。相反,使用Unix本地套接字、命名管道或排队作业的目录。
目录可能是最容易处理的。设置一个可以将文件写入网页的目录。当您的页面需要完成某些工作时,请编写一个描述该工作的文件。然后你有一个以root身份运行的程序在等待新的作业。如果需要快速响应,它可以连续运行,也可以使用crontab条目每分钟或每隔几分钟运行一次。
通常的方法是让可执行文件归您想要运行它的用户所有,然后设置SUID位。
使用sudo的方法通常需要用户输入密码(有很多方法可以解决这个问题,但它们非常复杂)。
我想我不需要提及设置SUID位是一件非常危险的事情,是吗?如果有任何其他方式来做你想做的事情,你应该使用它。
你可能想考虑的一件事是,不是根据你需要的解决方案,而是根据你想要解决的问题来提出问题。以root身份运行是一个解决方案,但不一定是一个好的解决方案。张贴您想要实现的而不是如何实现,我们可以以一种危险性小得多的方式帮助您。
For security reasons, it is desirable to check the integrity of code before execution, avoiding tampered software by an attacker. So, my question is How to sign executable code and run only trusted ...
How can I check the file encoding in a shell script? I need to know if a file is encoded in utf-8 or iso-8859-1. Thanks
i would like to know if there are any solution to do this. Does anyone? The big picture: I want to access data over the web, using my delphi thin clients. But i´would like to keep my server/service ...
Since cruise control is full of bugs that have wasted my entire week, I have decided the existing shell scripts I have are simpler and thus better. Here is what I have so far svn update /var/www/...
I ve just installed Zend Studio 7.0.2 on my Linux-Ubuntu 9.10 system. There were no problems during the installation but when I try to create a new project, the New Project form hangs when I click ...
I am running valgrind as follows:- /usr/local/bin/valgrind "process_name" After excecution its giving me following error ==21731== ==21731== Warning: Can t execute setuid/setgid executable: ==...
I was wondering if there were any good free graphics libraries for C that are easy to use? It s for plotting 2d and 3d graphs and then saving to a file. It s on a Linux system and there s no gnuplot ...
Is there anything other than DDD that will draw diagrams of my data structures like DDD does that runs on Linux? ddd is okay and runs, just kind of has an old klunky feeling to it, just wanted to ...