comment on

At some point, your runs-as-root part needs to trust the job being submitted to it. What level of security is needed to get this trust high enough? What do you, as the SA, require the user to prove to you before you act on their request? Now, what is needed to have a program do the same thing?

Be careful about file system permissions. Perhaps run the CGI submitter under a suexec setup to allow only that CGI to touch whatever mechanism is used to pass information to run-as-root. Think "minimum privilege necessary".

--MidLifeXis

In reply to Re: Security, root and CGI? by MidLifeXis
in thread Security, root and CGI? by pileofrogs

Are you posting in the right place? Check out Where do I post X? to know for sure.
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
Want more info? How to link or How to display code and escape characters are good places to start.


Clear questions and runnable code get the best and fastest answer
	PerlMonks