How to run a CGI script as root with password prompt
Posted on 2003-11-07
I am looking for a secure way to have a Perl script to run as root under Apache. The user would be prompted for a password and this password would be verified. Naturally I would use SSL on the script so that the password does not get passed in the clear. This is for a commercial product so it cannot be too dependant on system specific configurations.
Things that I have looked into are:
- SUExec (does not support root)
- Using system(SU) - Generally SU is not available to other than root:wheel and not the ID apache runs under.
- suidperl - I understand that this is not recommended and is not always available.
One idea I had was to create a script that would invoke SUDO on a shell script. The script would verify the root password against etc/password and then proceed to do what it needs to do. The SUDO script would be set up to be run by anyone and not require a password prompt since the script itself would verify the password from the environment variable for the edit field on the form that invoked the script.
Am I heading down the right path or is there some other more standard way to do this?