On March 25, 2016 9:00:51 PM GMT+01:00, Byron Klippert
wrote:
>That's it, thanks Tim.
>
>For the record I've got `permit nopass www as root cmd /sbin/pfctl' in
Unless you want the web server to have full control over pf, you really should
add the args directive too the doas rule too.
>doas.con
That's it, thanks Tim.
For the record I've got `permit nopass www as root cmd /sbin/pfctl' in
doas.conf and the script calls `printf "`doas /sbin/pfctl -sr`"'.
Seems to work.
On Fri, Mar 25, 2016, at 12:31, Tim van der Molen wrote:
> Byron Klippert (2016-03-25 18:37 +0100):
> > CGI script:
> >
Byron Klippert (2016-03-25 18:37 +0100):
> CGI script:
> #!/bin/ksh
> printf "Content-type: text/html\n\n"
> printf "Hello!\n"
> printf "\n"
> printf "`doas pfctl -sr`"
>
>
> doas.conf:
> permit nopass keepenv { ENV PS1 SSH_AUTH_SOCK } :wheel
> permit nopass www as root cmd /sbin/pfc
Hello,
Running March 10 snapshot, I've got httpd setup with slowcgi happily
churning out scripts. However, I've run into a permissions issue trying
to run /sbin/pfctl from within a script.
Default permissions on /dev/pf...
alix:/home/admin $ ls -lh /dev/pf
crw--- 1 root wheel 73, 0 Mar
4 matches
Mail list logo
