|
|
Posted by pangea33 on 12/22/06 22:03
Ivan Marsh wrote:
> On Wed, 20 Dec 2006 11:33:14 -0500, Jerry Stuckle wrote:
>
> > Ivan Marsh wrote:
> >> On Tue, 19 Dec 2006 22:19:11 -0800, pangea33 wrote:
> >>
> >>
> >>>Ivan Marsh wrote:
> >>>
> >>>>Hey folks,
> >>>>
> >>>>I'm looking for a script that allows control of account expiration
> >>>>dates using chage under Linux so non admins can control account
> >>>>expiration of client accounts. Anyone ever written anything like that?
> >>>
> >>>This is definitely not something you're capable of accomplishing simply
> >>>by using PHP. The PHP engine is running on the Linux box, so it's
> >>>limited by the security configuration of that server. Including the
> >>>security settings that keep non-admin users from modifying settings only
> >>>accessible by administrators. Sorry, man.
> >>
> >>
> >> Are you suggesting it's not possible to shell out and run a sudo command
> >> from a PHP script?
> >>
> >> I have complete control over the server in question.
> >
> > You can, but you're creating a security whole in your server the size of
> > the Grand Canyon.
>
> Of that I have no doubt... but this isn't a public server so I only have
> to worry about "internal" issues.
My response about an inability to do this was due to it being in a php
forum. If you've got full control over this server, why are you using
php? If it's because you're developing an Intranet, you can indeed use
sudo in the script, but will have to either use NOPASSWD or store the
unencrypted admin password in a text document that the webserver user
account can access and read.
Any thoughts about firing off a shell script cron task as root on the
server instead of allowing indiscriminate execution by users?
Navigation:
[Reply to this message]
|