[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: user access to network scripts
On Mon, 11 May 1998, Tuvik Beker wrote:
[... details were snipped ...]
> Up to this point there's no specia difficulty. The problem is that the
> whole procedure should be made not only by the superuser, but by a wide
> group of users, possibly all users. The system is physically secured, so
> generally security is considered a secondary issue on it, but this is an
> extreme case.
> I have to allow users to perform the procedure, but would like to
> minimize the changes to permissions of system files.
>
> What's your suggestion for the 'cleanest' way to do this?
I think that the cleanest way to do this will be:
1. Start a daemon, with the appropriate permissions to mess around with
the interfaces (the right group permissions?).
2. The daemon will listen on a certain UDP/IP port for commands.
3. The ordinary users will be provided with a script file (possibly
written in regular perl) which sends datagrams to the port.
4. The datagrams will be decoded by the daemon as one of the following
commands:
"Switch from interface A to interface B"
"Switch from interface B to interface A"
garbage (anything not recognized as one of the above)
5. The daemon will act only upon the first two interpretations.
Another approach, if you don't want to bother with daemons, spirits and
Volovic flames - is to use the sudo command.
--- Omer
Internet E-mail: xlacha1@wizard.weizmann.ac.il
omerz@actcom.co.il
WWW home page: http://www.weizmann.ac.il/~xlacha1/
"Different Way of Thinking"