What permissions are needed for the config to safely change data in it via the web interface?

S

Sergey2015-08-13 02:15:19

linux

Sergey, 2015-08-13 02:15:19

There is one hosting panel that works wonders. I write there one crutch that helps to enter the required ip address into the nfs-kernel-server config to allow it to connect remotely.
In fact, I take the data from the textarea and write it to /etc/exports, after validating and checking the IP address in the required config format for the required folders.
Now, while I'm writing all this, I put 777 on the config, which is not good.
If the config is left as root and -rw-r--r-- (644), then nothing can be written there. And how to be?
Write a bash script that runs as root via exec? It looks like a superfluous gasket, and how can I execute it through exec () from under the root? And I caught Escobar's theorem. But the truth is somewhere nearby and the best option should be, what is it? Add the www-data group to the config and allow it to write? I'm at a loss. I'll go get drunk.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

R

rutaka nashimo, 2015-08-13
@butteff

It is enough to put SUID on a script that will change the config, but I recommend changing only certain values, preventing the ability to write arbitrary code, conducting very strict validation and restricting access to the web resource.