Allowing Apache on EC2 to run sudo commands via CGI script

冷暖自知 提交于 2019-12-11 08:04:59

问题


I have an Amazon (AMI) Linux EC2 instance running on AWS. I'm create a perl script that will create directories when it is called through a web url (CGI script).

However, because the browser is executing the script, the user apache is running the perl script. Because apache is not allowed to do mkdir command without using sudo none of the directories are being created.

I've modified the scripts permissions to execute (755) via the browser, however none of the mkdir commands work.

I even tried using the sudo command within the perl script, but I have no luck. However, all of the non sudo commands work such as 'cd' etc.

If anyone knows how to resolve this issue I would appreciate it.


回答1:


I've found the answer through searching.

The first thing you need to do is disable tty for the current user.. my web browser executes anything as the user 'apache' on the server.

So in my /etc/sudoers file i added

Defaults:apache !requiretty

Also i created a list of commands that I want apache to use without requiring the sudo password

Cmnd_Alias APACHE = /bin/mkdir, /bin/rmdir apache ALL=(ALL) NOPASSWD: APACHE

This allows only certain sudo commands to execute on my web server without requring the password.

NOTE: only open the /etc/sudoers file using the visudo command... DO NOT open it using just regular vim or nano because if you save it and theres an error it will **** your machine up and you may have to create a whole new server because any sudo commands wont execute.

u can specify your editor using visudo.. e.g

EDITOR=nano visudo



来源:https://stackoverflow.com/questions/23277891/allowing-apache-on-ec2-to-run-sudo-commands-via-cgi-script

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!