views:

97

answers:

3

I have a web project for which I need to run a command when a specific URL is requested, but that command requires root privileges.

The project is served with a Python process (Django), of course running it with root privileges is not an option.

The command's parameters are hardcoded, making it impossible to inject anything, and it's a rights-protected application, so I can be slightly more liberal on security since the users who will have access to it will be trustworthy (hopefully). However, ideally I would like to do it securely.


+4  A: 

Use setuid: http://en.wikipedia.org/wiki/Setuid

"setuid and setgid (short for set user ID upon execution and set group ID upon execution, respectively) are Unix access rights flags that allow users to run an executable with the permissions of the executable's owner or group."

...And be very, very careful!

RichieHindle
Yeah, don't shoot yourself in the foot. What you are asking for screams for being exploited ;-)
lothar
+5  A: 

Call out to the command via sudo with the NOPASSWD: option; that allows you fine-grained access control and gives you auditing in syslog for free. Avoid using a shell and use an exec variant that takes the parameters directly as an array.

David Schmitt
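The pattern in this answer, as an added example that is not from the original thread: a Django-side helper that only ever execs a fixed argv under `sudo -n` with no shell, next to the sudoers line that pins a dedicated runner user (assumed name `svn-runner`) to exactly that argv. The command names, paths and runner user are constructed for illustration.

```python
import subprocess

# Constructed allowlist for this example: the web process may trigger only these
# fixed argument vectors (hypothetical commands; absolute paths, no request input).
PRIVILEGED_COMMANDS = {
    "verify-repo": ["/usr/bin/svnadmin", "verify", "/srv/svn/repo"],
    "restart-mailer": ["/usr/bin/systemctl", "restart", "postfix.service"],
}

# Characters sudoers treats specially (wildcards, escapes, separators); keeping them
# out of the allowlist means the sudoers line matches one argv and nothing else.
SUDOERS_SPECIAL = set(" \t,:=\\*?[]")


def build_sudo_argv(name):
    """Return the exact argv to execute: no shell, so nothing is re-parsed.

    -n      never prompt; if NOPASSWD is misconfigured sudo fails instead of hanging
    -u root make the target user explicit
    --      end sudo option parsing, so the command path cannot be read as a flag
    """
    if name not in PRIVILEGED_COMMANDS:
        raise ValueError("not an allowlisted privileged command: %r" % (name,))
    return ["sudo", "-n", "-u", "root", "--", *PRIVILEGED_COMMANDS[name]]


def sudoers_entry(runner_user, name):
    """Render the sudoers line that lets runner_user run ONE argv as root.

    sudo compares the command path and every argument against this spec, so
    without a trailing '*' no extra or altered argument is accepted.  Compare the
    weak form 'www-data ALL=(ALL) NOPASSWD: ALL', which hands over the whole box.
    """
    command = PRIVILEGED_COMMANDS[name]
    for arg in command:
        if any(ch in SUDOERS_SPECIAL for ch in arg):
            raise ValueError("argument needs sudoers escaping: %r" % (arg,))
    return "%s ALL=(root) NOPASSWD: %s" % (runner_user, " ".join(command))


def run_privileged(name, timeout=30):
    """Invoke the command without a shell, with a minimal environment and a timeout.

    Each invocation is logged by sudo to syslog (authpriv), which is the audit trail.
    """
    argv = build_sudo_argv(name)
    env = {"PATH": "/usr/sbin:/usr/bin:/sbin:/bin", "LANG": "C"}
    result = subprocess.run(argv, shell=False, env=env, stdin=subprocess.DEVNULL,
                            capture_output=True, timeout=timeout, check=False)
    return result.returncode, result.stdout, result.stderr
```

The view only passes an allowlist key to `run_privileged`, never anything taken from the request, so the sudoers entry and the argv stay in lockstep.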
+1  A: 

By all means avoid using setuid and setgid; you want to keep the HTTP server with as low permissions as possible. For the process that requires root privileges, use the HTTP server to create a whole new separate process and invoke sudo. You should however not include the HTTP server uid or gid in the sudoers, but some other user that is the only one that can access the program, and that program is the only one that can run as root. The HTTP server then starts a new process, changing the UID to the dumb user, and then executes the process with sudo as root.

daniel
If my understanding is correct, the proper way is not setting gid/uid on the HTTP server itself, but on a cloaked copy of the binary you want to run. For example, I want to run the command "svnserve" by the user www-data. I can copy the "svnserve" binary in the home folder of www-data and setuid on *this* binary. This way the only user who can run "svnserve" without root privileges is www-data. And this user can't run any other executable that requires root privileges.
h3
Not quite, you create a user called svnserver-runner, and add svnserver-runner to the sudoers list which can run svnserve as root. Then the HTTP server creates a new thread, and changes the UID of the thread to svnserver-runner, and that thread then executes svnserve using sudo, to get it to run as root.
daniel