I'm currently trying to write a simple control panel in java to be run as a servlet in Tomcat. My problem is though, I do not know how to run the scripts as root (so they can access BIND, Postfix, etc files). I have thought about running a 2nd instance of Tomcat as root so that others on the server can't use their scripts to access these files, but that's obviously still a security hazard. How does Hsphere and Webmin et al get around this?

(BTW, please don't suggest not writing a CP and buying an existing one because we use an OS that non of the major CP's support)

Thanks,

I'd like an answer to this as well, for a different problem.

Any solutions?

webmin has its own webserver and does not use apache, but it is not as fast or memory efficient as apache... :angel:

Is this what all CP's do?

DO NOT RUN THE WEBSERVER AS ROOT!!!

Thus stated, here's how to do it, write a few suid wrappers that call scripts to do what you need done.

If you run your webserver as root you are opening your entire system to webserver related bugs.

For a setuid wrapper you can limit what happens when root is in control, for example a setuid wrapper could call a perl script that recreates an example zone file from SQL.

You could also change ownership of key processes to something like "privwebuser" and run your webserver as that, but please don't run your server as root.

thanks,
Ben

Yes, I know not to run the webserver as root. I've stated this before. I'll look in to the suid wrappers.

When you compile apache with user set to root, it comes up with pagefulls of warnings. However, if you set it to run on a weird port, add in a load of .htaccess stuff, its fine. We have this up and running in a real world environment for several years on many servers. Also, this was "our" best solution for a control panel, and thats what its used for.

suid has limits, and you're bound to reach them at some point. The "big boys" know this, thats why they dont use suid.

I mean, compile apache on Windows, and just look at their disclaimers.....:)

What about if the CP was in 2 parts, one was just the "middleware" that the front end talked to, and another standalone program that could run as root but was not accessable by the Webserver. It would have some sort of feature that it would only accept input from and would only output to the webserver (or script running in the server).

Is this unadvisable? It would simply be a Daemon or somethinng similar.

Depending on the OS, you could try using "sudo", forgot about that one in my earlier response. I assume its a variant of unix because of the root question.