Posted by Ivan Marsh on 12/26/06 16:08
On Fri, 22 Dec 2006 14:03:35 -0800, pangea33 wrote:
> Ivan Marsh wrote:
>> On Wed, 20 Dec 2006 11:33:14 -0500, Jerry Stuckle wrote:
>>
>> > Ivan Marsh wrote:
>> >> On Tue, 19 Dec 2006 22:19:11 -0800, pangea33 wrote:
>> >>
>> >>
>> >>>Ivan Marsh wrote:
>> >>>
>> >>>>Hey folks,
>> >>>>
>> >>>>I'm looking for a script that allows control of account expiration
>> >>>>dates using chage under Linux so non admins can control account
>> >>>>expiration of client accounts. Anyone ever written anything like that?
>> >>>
>> >>>This is definitely not something you're capable of accomplishing simply
>> >>>by using PHP. The PHP engine is running on the Linux box, so it's
>> >>>limited by the security configuration of that server. Including the
>> >>>security settings that keep non-admin users from modifying settings only
>> >>>accessible by administrators. Sorry, man.
>> >>
>> >>
>> >> Are you suggesting it's not possible to shell out and run a sudo command
>> >> from a PHP script?
>> >>
>> >> I have complete control over the server in question.
>> >
>> > You can, but you're creating a security hole in your server the size of
>> > the Grand Canyon.
>>
>> Of that I have no doubt... but this isn't a public server so I only have
>> to worry about "internal" issues.
>
> My response about an inability to do this was due to it being in a php
> forum. If you've got full control over this server, why are you using
> php? If it's because you're developing an Intranet, you can indeed use
> sudo in the script, but will have to either use NOPASSWD or store the
> unencrypted admin password in a text document that the webserver user
> account can access and read.
>
> Any thoughts about firing off a shell script cron task as root on the
> server instead of allowing indiscriminate execution by users?

"Indiscriminate execution by users" is, unfortunately, the access I've been
asked to provide.

What the script will ultimately be doing is giving a select group of
internal users the ability to check and reset the password expiration
dates of a white-list of external client users.
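
Added example, not part of the original thread: one way to narrow the NOPASSWD sudo approach discussed above is to grant sudo on a single root-owned wrapper that enforces the white-list itself, rather than on chage. The wrapper path, allow-list path, web server account name and sudoers line are assumptions; `chage -l` and `chage -E` are the only privileged calls it makes.

```shell
#!/bin/sh
# Added example (hypothetical names and paths throughout).
# Assumed sudoers entry, so the web server account can run this wrapper and nothing else:
#   www-data ALL=(root) NOPASSWD: /usr/local/sbin/client-expiry
LC_ALL=C; export LC_ALL                 # make [a-z] ranges byte-exact

ALLOWLIST=/etc/client-expiry.allow      # one client username per line, root-owned
CHAGE=/usr/bin/chage

valid_name() {
    case "$1" in
        ''|-*|*[!a-z0-9_-]*) return 1 ;;   # empty, option-like, or any other character
    esac
    [ "${#1}" -le 32 ]
}

valid_date() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) return 0 ;;
    esac
    return 1
}

is_allowed_user() {
    # Syntax check first, then an exact whole-line match against the allow-list.
    valid_name "$1" && [ -r "$ALLOWLIST" ] && grep -Fxq -- "$1" "$ALLOWLIST"
}

client_expiry() {
    action=${1-} user=${2-} date=${3-}
    is_allowed_user "$user" || { echo "refused: user not on allow-list" >&2; return 1; }
    case "$action" in
        show) "$CHAGE" -l -- "$user" ;;
        set)  valid_date "$date" || { echo "refused: date must be YYYY-MM-DD" >&2; return 1; }
              "$CHAGE" -E "$date" -- "$user" ;;
        *)    echo "usage: client-expiry show USER | set USER YYYY-MM-DD" >&2; return 2 ;;
    esac
}

# Dispatch only when called with arguments, so the functions can be loaded on their own.
if [ "$#" -gt 0 ]; then
    client_expiry "$@"
    exit $?
fi
```

The PHP side should pass the username and date as separate, escaped arguments (for example with escapeshellarg) and decide which internal users may reach the page; the wrapper is the last check, not the only one.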