SELinux vs BackupPC web interface
John Summerfield
debian at herakles.homelinux.org
Sun Nov 18 22:05:11 UTC 2007
Les Mikesell wrote:
>>
>> What I have done, in Debian and without selinux, where I want CGI to
>> do root stuff is to authorise it without passwords via sudo,
>
> Is there some reason to think this is better than the methods provided
> by apache or perl?
>
Two things I like about it:
1. I know how to use SUDO. I've forgotten how to do it in Apache.
2. It's automatically logged that it's done. If I must, I can identify
which computer did it.
For you to better assess my stupidity:
It controls whether the stewed ants can have Internet. Possibly, they
could turn it off if they knew how, but once it's off they can't get to
the web site to turn it on, turning it off blocks all egress from their
LAN, servers aside.
Assuming they knew how, those most likely to turn it off are those most
likely to want it on. We don't think they would do it often:-)
The site's on a private IP. Any staff can turn it on or off. You have to
be on the premises to do it, or have a VPN. The Boss and I have a VPN.
--
Cheers
John
-- spambait
1aaaaaaa at coco.merseine.nu Z1aaaaaaa at coco.merseine.nu
-- Advice
http://webfoot.com/advice/email.top.php
http://www.catb.org/~esr/faqs/smart-questions.html
http://support.microsoft.com/kb/555375
Please do not reply off-list
More information about the fedora-list
mailing list