Originally Posted by cldfzn
Yea, those are pretty much my thoughts exactly. Only I don't have control over the setup, I'm just tasked with trying to find some solution that is secure. Is there a way to have a user only allowed to sudo commands contained in a single Perl script? My idea is that if the execution of my script is allowed to run the commands as the network script user then I can whitelist commands to be used and blacklist everything else, something I haven't found possible with sudoers. We're basically trying to poll logs from external servers and create a lovely web interface to do so.
It would probably be easier to just allow the script user to sudo your script. You can make specific rules in your sudoers file for specific commands.
Code:
scriptuser ALL=NOPASSWD:/path/to/myscript
Or maybe you can set the script user's shell to your script, so when you log in, it runs your script then exits.
If you're really concerned about security, you can chroot the script user, then create links to the directories the script user needs access to.
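An added example, not part of either post: a sketch of what the single script named in the sudoers rule could look like. Because that rule places no limit on arguments, the script validates them itself. The action names, `LOG_DIR` and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed example: the one script named in the sudoers rule.
# Keep it root-owned and not writable by scriptuser, or the rule grants more than intended.
PATH=/usr/bin:/bin; export PATH      # ignore any caller-supplied PATH
LC_ALL=C; export LC_ALL              # make the character ranges below byte-exact
LOG_DIR=/var/log                     # assumption: the only directory ever read

# validate_request ACTION LOGNAME: return 0 only for an allowlisted pair.
validate_request() {
    [ "$#" -eq 2 ] || return 1
    case "$1" in
        tail|count|size) ;;          # hypothetical action names
        *) return 1 ;;
    esac
    case "$2" in
        ''|.*|*/*|*[!A-Za-z0-9._-]*) return 1 ;;   # no empty, dotfile, path or odd chars
    esac
    return 0
}

# run_request ACTION LOGNAME: run the fixed command behind an allowed action.
run_request() {
    validate_request "$@" || { echo "denied" >&2; return 1; }
    file="$LOG_DIR/$2"
    # Regular files only; refuse symlinks that could point outside LOG_DIR.
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "no such log" >&2
        return 1
    fi
    case "$1" in
        tail)  tail -n 100 "$file" ;;
        count) wc -l < "$file" ;;
        size)  wc -c < "$file" ;;
    esac
}

# Entry point when invoked as: sudo /path/to/myscript ACTION LOGNAME
if [ "$#" -gt 0 ]; then
    run_request "$@"
fi
```

The caller never supplies a command or a path, only an action name and a bare file name, so nothing from the web interface reaches a shell or an interpreter.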