[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SELinux vs BackupPC web interface

Les Mikesell wrote:

What I have done, in Debian and without selinux, where I want CGI to do root stuff is to authorise it without passwords via sudo,

Is there some reason to think this is better than the methods provided by apache or perl?

Two things I like about it:
1. I know how to use SUDO. I've forgotten how to do it in Apache.
2. It's automatically logged that it's done. If I must, I can identify which computer did it.

For you to better assess my stupidity:
It controls whether the stewed ants can have Internet. Possibly, they could turn it off if they knew how, but once it's off they can't get to the web site to turn it on, turning it off blocks all egress from their LAN, servers aside.

Assuming they knew how, those most likely to turn it off are those most likely to want it on. We don't think they would do it often:-)

The site's on a private IP. Any staff can turn it on or off. You have to be on the premises to do it, or have a VPN. The Boss and I have a VPN.



-- spambait
1aaaaaaa coco merseine nu  Z1aaaaaaa coco merseine nu
-- Advice

Please do not reply off-list

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]