Running SYSTEM as user filepro
Fairlight
fairlite at fairlite.com
Thu Nov 18 12:49:23 PST 2004
Confusious (J. Ryan Kelley) say:
> I've recently started a project in which a SYSTEM command is used to copy a
> file to a directory on another server to which only the user filepro has
> access. However, this copy fails because the SYSTEM call runs as my user id
> rather than the user filepro. Is there a way for me to have this command be
> executed by the user filepro instead?

Sounds like Linux on a post-bash2 system.

I'd suggest getting and using sudo for this operation. The only problem is
that you'll be able to specify the full path to /bin/cp, but that means
that anyone that's allowed to do this from inside filepro can -also- do it
from outside filepro, as sudo doesn't care what the invoking process was.
So they could overwrite fP binaries, data files, etc.

There's no terribly elegant way around that. I suppose if I -had- to do
this, I'd go with copying /bin/cp to /appl/fp/fpsyshelper and let sudo work
on -that-, and hopefully keep the very knowledge of its existence a secret
by making /appl/fp mode 0711 so that people can access the binaries but
can't get a directory listing. I'd really be wary of granting straight
access to the main 'cp' binary arbitrarily though.

I don't even particularly like the above solution--it borders on security
through obscurity. Someone else feel free to chime in--I'd love to see
something better proposed. I'm drawing a blank at the moment.

mark->
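
One way to narrow what the sudo rule grants, as an added example that is not part of the original post or the thread: instead of allowing cp (or a copy of it), allow a small helper that accepts a single source file and writes only into one fixed directory. The helper path, the group name `fpusers` and the destination directory are assumptions chosen for illustration.

```shell
#!/bin/sh
# fp_push: copy ONE file into ONE fixed directory; meant to be run through
# sudo as user filepro in place of a sudo rule on /bin/cp.
#
# Hypothetical sudoers entry (group name and helper path are assumptions):
#   %fpusers ALL=(filepro) NOPASSWD: /usr/local/sbin/fp_push
# Called from the SYSTEM command as:
#   sudo -u filepro /usr/local/sbin/fp_push /path/to/file
# Install the helper root-owned, mode 0755, so neither the callers nor
# filepro can rewrite it.

DEST_DIR="/mnt/remote/incoming"   # assumption: placeholder destination

fp_push() {
    src=$1
    dest_dir=$2
    [ -n "$src" ] || { echo "usage: fp_push FILE" >&2; return 2; }

    # Source must be a plain file, not a symlink, when checked.
    [ -f "$src" ] && [ ! -L "$src" ] || {
        echo "fp_push: not a regular file: $src" >&2; return 3; }

    # The caller controls only the base name, and only a safe alphabet:
    # no leading dot, no spaces, no shell or path metacharacters.
    name=$(basename -- "$src")
    case $name in
        ''|.*|*[!A-Za-z0-9._-]*)
            echo "fp_push: rejected file name: $name" >&2; return 4 ;;
    esac

    # noclobber (set -C) makes the shell refuse to write over an existing
    # file, so the helper can add files but never replace one.
    ( set -C; cat -- "$src" > "$dest_dir/$name" ) 2>/dev/null || {
        echo "fp_push: $name exists or cannot be written" >&2; return 5; }
}

# Run as the helper only when given exactly one argument.
if [ "$#" -eq 1 ]; then
    fp_push "$1" "$DEST_DIR"
fi
```

The helper reads the source as filepro, so the file has to be readable by that user.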