< Previous by Date	Date Index	Next by Date >
< Previous in Thread	Thread Index	Next in Thread >

Re: [sipX-dev] Input on XCF-651 implementation (Restore page from sipXconfig UI)

From: "Andy Spitzer" <woof@xxxxxxxxxxx>
Date: Tue, 03 Apr 2007 14:06:44 -0400

On Tue, 03 Apr 2007 13:42:26 -0400, Paul Mossman <paul.mossman@xxxxxxxxx> wrote:

> 3.  I see that the script will need to be run as root in order to have
> the permissions to stop/restart the services and do the actual
> restore.  A user who has logged in a superadmin may find it strange to
> subsequently provide root credentials in order to perform a Restore.
> So I'm wondering if we can avoid this, perhaps with setuid on the
> script for instance.
setuid on scripts is rarely a good idea, they are an easy vector for security 
problems.

sudo is a better answer for not needing to provide root credentials, and it can 
be locked down to allow only that script to be run if desired.


--Woof!

References:
- [sipX-dev] Input on XCF-651 implementation (Restore page from sipXconfig UI)
  - From: Paul Mossman

Prev by Date: [sipX-dev] Input on XCF-651 implementation (Restore page from sipXconfig UI)
Next by Date: [sipX-dev] Global Call Pickup: "*allcredentials" in SUBSCRIBE To: field
Previous by thread: [sipX-dev] Input on XCF-651 implementation (Restore page from sipXconfig UI)
Next by thread: Re: [sipX-dev] Input on XCF-651 implementation (Restore page from sipXconfig UI)
Index(es):
- Date
- Thread