What is good practice for writing web applications that manage daemons (and their configuration files)

Can someone offer some basic guidelines for working with web applications that interact with configuration files such as httpd.conf, binding zone files, etc.?

I understand that this is bad practice, in fact it is a very dangerous possibility of arbitrary code execution without fully checking it, and so on. But say that you are tasked with writing a small application that allows you to add vhosts to your apache configuration.

Does your code run with full privileges, write future variables to the database and do the cron job (with full privileges), run a script that pulls vars from the database and passes them to the template configuration file, etc.?

Some thoughts and materials on this issue will be appreciated.

tl;dr - how can you safely write a web application to update / create entries in a configuration file like Apache httpd.conf, etc.?

+5
2 answers

I am not a Unix security guru, but some basic things to think about:

  • Make sure that your web application runs as a specific user and make sure that the user has privileged rights only to the files that he needs to modify.

  • , , , , , , az 0-9 ..

  • HTTPS .

, .

+1
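An added example, not part of the answer above or of any project's code: one way to fill a vhost template from user-supplied values without letting them inject directives, while writing only inside a directory the unprivileged application user owns. The function names, the `/srv/www` web root and the include directory are assumptions made for illustration.

```python
import os
import re
import tempfile

# Assumed layout (hypothetical): the main Apache config includes
# /etc/apache2/managed-vhosts/*.conf, and that directory is the only
# place the web application's user may write.
HOSTNAME_RE = re.compile(
    r"(?=.{1,253}\Z)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}\Z")
SITE_RE = re.compile(r"[a-z0-9][a-z0-9-]{0,62}\Z")

TEMPLATE = """<VirtualHost *:80>
    ServerName {server_name}
    DocumentRoot "{docroot}"
</VirtualHost>
"""

def render_vhost(server_name, site, web_root="/srv/www"):
    """Return vhost text; raise ValueError for input outside the allowlist."""
    server_name = server_name.lower()
    # Allowlist only: no whitespace, newlines, quotes or slashes can pass,
    # so a value cannot start a new directive or leave the web root.
    if not HOSTNAME_RE.match(server_name):
        raise ValueError("invalid server name")
    if not SITE_RE.match(site):
        raise ValueError("invalid site name")
    # The docroot is derived from the validated site name, never user-supplied.
    docroot = os.path.join(web_root, site)
    return TEMPLATE.format(server_name=server_name, docroot=docroot)

def write_vhost(conf_dir, server_name, site):
    """Atomically write <conf_dir>/<site>.conf and return its path."""
    text = render_vhost(server_name, site)
    target = os.path.join(conf_dir, site + ".conf")
    fd, tmp = tempfile.mkstemp(dir=conf_dir, prefix=".tmp-")
    try:
        with os.fdopen(fd, "w") as f:
            f.write(text)
        os.chmod(tmp, 0o644)
        # Rename within one directory: Apache never sees a half-written file.
        os.replace(tmp, target)
    except BaseException:
        os.unlink(tmp)
        raise
    return target
```

Reloading Apache stays a separate, privileged step outside the web application; running `apachectl configtest` before that reload catches a malformed file.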

, , ..

True.

, , vhosts apache.

. . , ?

vhosts - script. script . . " ". " " ( , , ).

"-". . , " vhosts apache" "-, ".

script, . . , . . sudo.

,

. script vhosts - .

" " script, vhosts. - , , -, - , script, vhosts. script -, script.

cron ( ), script, vars ..

. . .

celery , . http://ask.github.com/celery/getting-started/introduction.html

0
