> The obvious solution, then, was to change the ownership of the > command-line script to group www-data and make it sgid.
Note that whenever you make a script suid or sgid you are trading in your padlock for a breadtie. There are many well known trivial ways to fool a suid script into giving you a shell of the id it is set to. Which may be fine for your application. If 100% of your users on that machine would logically be in that group then there is no difference in the end. Just as long as you know about it. Using sudo for this purpose is really much better because it works betting in the cases that you do care about security. Aternatively you could write a very small C program which handles the security details and have it call your script. But if you don't keep up on the security details then you should use sudo which does. Bob -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
