S
S
Sergey2015-08-13 02:15:19
linux
Sergey, 2015-08-13 02:15:19

What permissions are needed for the config to safely change data in it via the web interface?

There is one hosting panel that works wonders. I write there one crutch that helps to enter the required ip address into the nfs-kernel-server config to allow it to connect remotely.
In fact, I take the data from the textarea and write it to /etc/exports, after validating and checking the IP address in the required config format for the required folders.
Now, while I'm writing all this, I put 777 on the config, which is not good.
If the config is left as root and -rw-r--r-- (644), then nothing can be written there. And how to be?
Write a bash script that runs as root via exec? It looks like a superfluous gasket, and how can I execute it through exec () from under the root? And I caught Escobar's theorem. But the truth is somewhere nearby and the best option should be, what is it? Add the www-data group to the config and allow it to write? I'm at a loss. I'll go get drunk.

Answer the question

In order to leave comments, you need to log in

1 answer(s)
R
rutaka nashimo, 2015-08-13
@butteff

It is enough to put SUID on a script that will change the config, but I recommend changing only certain values, preventing the ability to write arbitrary code, conducting very strict validation and restricting access to the web resource.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question