On Tue, Sep 02, 2003 at 01:38:24AM +0200, Christopher Taylor wrote: > Jens Gutzeit wrote: > >On Monday 01 September 2003 21:53, mario ohnewald wrote: > >>What is the securest way of starting a application, like ping, from a > >>webinterface as a diffrent user. > what's wrong with making the program suid-to-some-other-user (not root) > and then just executing it? I reallize this doesn't work for ping, which > is suid-to-root anyway.
It doesn't work for scripts. I don't like the sudo approach either. Instead, I've written a tiny suexec-like wrapper which does nothing but changes its uid to match the owner of the program prior to executing it. bit, adam -- 1024D/37B8D989 954B 998A E5F5 BA2A 3622 82DD 54C2 843D 37B8 D989 finger://[EMAIL PROTECTED] | Some days, my soul's confined http://www.keyserver.net | And out of mind Sleep forever
