Re: 'nobody' using sudo -- scary!
- From: smallpond <smallpond@xxxxxxxx>
- Date: Thu, 26 Jun 2008 11:43:54 -0400
Johnny wrote:
Hi,
My perl script runs as 'nobody' but it needs to execute some commands
with more privilege (rm /home/username/.forward). I see a lot of
talk about sudo for this type of circumstance ...is that really the
best choice? I've gotten the username/password of the account that
has permission to do what I'd like to do - maybe that's somehow
useful? Making the users home directory world writable seems to
break sendmail, so I don't want to fuss with that. Running perl
scripts as root must be the worst possible choice. Are there any
other methods worth considering? Is allowing 'nobody' to execute
commands as root an excepted practice?
Thanks in advance,
SuchaNewb
Things wrong with your post:
1) Not a perl question, so offtopic for this NG.
2) Asking for "best" without defining what you mean or want.
Do you have a reason not to use sudo or is your objection
based on not wanting to read the documentation?
3) Even thinking of making user's directories world writable
suggests that you should not be allowed the root password for
this system.
4) Using vacation or .forward in the first place, since they
are commonly abused by spammers. Mail routing must be
done based on the mail envelope, not body. You are using
sendmail, so there are already more secure ways to do whatever
it is that you want -- see the aliases file.
** Posted from http://www.teranews.com **
.
- References:
- 'nobody' using sudo -- scary!
- From: Johnny
- 'nobody' using sudo -- scary!
- Prev by Date: Re: 'nobody' using sudo -- scary!
- Next by Date: Re: run application from perl nonblocking?
- Previous by thread: Re: 'nobody' using sudo -- scary!
- Next by thread: FAQ 8.40 How do I avoid zombies on a Unix system?
- Index(es):
Relevant Pages
|
