Never do that. As far as possible try to avoid using suid scripts on web servers, and that too never for changing system parameters. A better solution is to call sudo from your script. You can configure the /etc/sudoers file like this -
Host_Alias MYSERVER = <servername> Cmnd_Alias CHANGE_IF = /sbin/ifup
# User privilege specification root ALL=(ALL) ALL apache MYSERVER= NOPASSWD: CHANGE_IF
-------------------------------------------
Use something like this in perl - $return = system("sudo","/sbin/ifup","eth1");
Nilesh.
--- Amish Mehta amish@ownmail.com wrote:
Why dont u write small cgi-script with setuid bit set?, that acts as wrapper and runs command passed through a cgi-variable. You might as well want to make it a open source project.
You can use htaccess for authentication OR write your own authentication code by way of cookies or cgi-variables.
Amish.
P.S. Make sure you dont leave any security hole in script.
sachin rase wrote:
but i want to execute through apache is there any way to execute this way
ATTACHMENT part 2 application/octet-stream name=anonymous
ATTACHMENT part 3 application/octet-stream name=anonymous
ATTACHMENT part 4 application/octet-stream name=anonymous
________________________________________________________________________ Everything you always wanted to know about cars and bikes,now at: http://in.autos.yahoo.com