
RE: Automation of Administrative Tasks on an RHEL Box



Modify sudoers to allow only specific commands to be run as the apache user with NOPASSWD, and not a blanket "apache ALL=(ALL)   NOPASSWD: ALL".

An alternative method would be to use a tool like Puppet or CFEngine to make the changes, and if they absolutely have to have a web interface, write a web interface that will allow you to make those specific changes to the related puppet/cfengine files. Those tools would then push out the changes.

Mike
-----Original Message-----
From: redhat-list-bounces redhat com [mailto:redhat-list-bounces redhat com] On Behalf Of Marti, Robert
Sent: Thursday, September 16, 2010 1:37 PM
To: 'General Red Hat Linux discussion list'
Subject: RE: Automation of Administrative Tasks on an RHEL Box

Hey - he's already allowing anonymous changes to his network stack.  Might as well go nuts.

Rob Marti

> -----Original Message-----
> From: redhat-list-bounces redhat com [mailto:redhat-list-bounces redhat com] On Behalf Of Elliott, Andrew
> Sent: Thursday, September 16, 2010 1:31 PM
> To: General Red Hat Linux discussion list
> Subject: RE: Automation of Administrative Tasks on an RHEL Box
> 
> It would, but only if the sudoers file has been configured to give the apache
> (or www user account) access to run scripts as root...
> 
> I'm pretty sure that nobody puts their apache user in the sudoers file...
> 
> -----Original Message-----
> From: redhat-list-bounces redhat com [mailto:redhat-list-bounces redhat com] On Behalf Of Sanjay Chakraborty
> Sent: Thursday, September 16, 2010 2:27 PM
> To: General Red Hat Linux discussion list
> Subject: Re: Automation of Administrative Tasks on an RHEL Box
> 
> > sudo would work.
> true.
> 
> Besides sudo, RHEL 5 works well with ACLs (it is part of the default setting at the
> filesystem level in the superblock). Add the user or group to the ACL (access control list)
> and the user can do the thing.
> See the man pages of setfacl/getfacl
> 
> On Thu, Sep 16, 2010 at 2:06 PM, Marti, Robert <RJM002 shsu edu> wrote:
> > sudo would work.
> >
> >
> >
> > Sent from my iPhone
> >
> > On Sep 16, 2010, at 1:03 PM, "Devarishi Kumar Mahadeva" <dk_mahadeva yahoo com> wrote:
> >
> >> Hi All,
> >>
> >>
> >> Here is a good scenario of Automation of Administrative Tasks (it
> >> was presented before me in an interview at a Defense Department, Navy):
> >>
> >> Design a Web Interface using PHP (we can use Perl also) that has fields for:
> >>
> >> IP Address, Default Gateway, Subnet Mask, etc. and when the values
> >> are submitted the Linux Server (RHEL) should be able to process the
> >> request and change the Network information accordingly and restart
> >> the Network Services. (It is noteworthy that such a Web Interface is
> >> to be used on an Intranet and is for testing purposes only, we really
> >> do not intend to invite any security vulnerabilities by allowing
> >> anyone to change the Network Settings.)
> >>
> >> The only point here is how to get a (CGI-)Script (PHP or Perl) to be
> >> able to perform the tasks of an Administrator, i.e. execute commands
> >> that only the root user or a user with some root privileges can issue.
> >>
> >> We can easily pass values to a PHP / Perl or even to a Shell Script
> >> program on the server.... in /var/www/cgi-bin or /var/www/html
> >> directories. But how will it run with the root privileges?
> >>
> >> With regards,
> >>
> >> Devarishi Kumar Mahadeva.
> >>
> >> ________________________________
> >>
> >> (UNIX Application Support)
> >> HCL Technologies Ltd.,
> >> Infra Tower, Plot No. A 3, Sector 126, SEZ Noida (Uttar Pradesh) -
> >> India.
> >> Mobile No.: +919999355295
> >>
> >> ________________________________
> >>
> >>
> >>
> >
> >
> 
> 
> 
> --
> Regards.
> Sanjay Chakraborty
> 
> 

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request redhat com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
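
As an added example (not part of any message in this thread), here is one way to apply the suggestion at the top of the thread of limiting sudoers to specific commands: a single root-owned wrapper that the apache user may run, which validates the three form values before anything privileged happens. The script path, the sudoers entry and the function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: root-owned wrapper at a hypothetical path, /usr/local/sbin/set-net.sh.
# Hypothetical sudoers entry (edit with visudo) in place of the blanket rule:
#   apache ALL=(root) NOPASSWD: /usr/local/sbin/set-net.sh
# The CGI script calls: sudo /usr/local/sbin/set-net.sh IP NETMASK GATEWAY

# Print a strict dotted-quad as a 32-bit integer; fail on anything else.
ip_to_int() {
    case $1 in
        '' | *[!0-9.]* | .* | *. | *..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    n=0
    for o in "$@"; do
        # No leading zeros (octal ambiguity), at most three digits, at most 255.
        case $o in
            0 | [1-9] | [1-9][0-9] | [1-9][0-9][0-9]) ;;
            *) return 1 ;;
        esac
        [ "$o" -le 255 ] || return 1
        n=$(( n * 256 + o ))
    done
    echo "$n"
}

# A netmask must be a run of 1-bits followed only by 0-bits.
valid_netmask() {
    m=$(ip_to_int "$1") || return 1
    inv=$(( 4294967295 - m ))
    [ "$m" -ne 0 ] && [ $(( inv & (inv + 1) )) -eq 0 ]
}

# Accept only a valid address and mask with a distinct gateway on the same subnet.
check_request() {
    ip=$(ip_to_int "$1") || return 1
    valid_netmask "$2" || return 1   # leaves the mask as an integer in $m
    gw=$(ip_to_int "$3") || return 1
    [ "$ip" -ne "$gw" ] && [ $(( ip & m )) -eq $(( gw & m )) ]
}

if [ "$#" -gt 0 ]; then
    if [ "$#" -ne 3 ] || ! check_request "$1" "$2" "$3"; then
        logger -t set-net "rejected request via sudo from ${SUDO_USER:-unknown}"
        exit 1
    fi
    # Validated values in ifcfg form; writing them and restarting the network is left out.
    printf 'IPADDR=%s\nNETMASK=%s\nGATEWAY=%s\n' "$1" "$2" "$3"
fi
```

Because the sudoers entry names only this one script, the web-facing account never gets a general root shell, and rejected requests leave a syslog trail to alert on.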


