Program write access to root files
Hi guys, i got a local server, running as PXE Server, with low security priority.
i made my own Linux Booter, with a little fidling with a Linux sysrescue cd.
It really works great, as long you know the right commands.
i used Linux Sysrescue cd, to boot up into busybox (as it normally does), but with a nfs partition, with some tool scripts, to take backup and restore images on the local hdd, and fix hdd UUID, grub, and other network things, and things we need.
currently the command to backup is
/mnt/scripts/install BACKUP TYPE=CTO-Serial
it will then do:
backing up MBR.
backing up all available local drives from /dev.
empty temp files used by yum and apt-get in the images.
now the restore is a but more advance, as it is able to add one-time startup scripts:
restore all available drives from the archiver file, into /dev.
reinstall grub to make it work again.
rewrite the fstab.
insert the aviable script for this image or mac-addr into the init.d folder, and add them to the startup, as a onetime script.
now my question is pretty simple, but i am just proud of my creation, as i am amazed i was even able to get it this fare, by alot of help from this forum, and for that i am really greatfull :)
but as i am the only linux geek at my workplace, they really wanted to make it simpler, to add thouse custom scripts to an image.
so i have been developing a java/servlet application, running from a local tomcat7 service, it needs to be able to edit directly into the pxelinux.0 folder, to add custom boot scripts, depending on mac-addr.. si i just added the folders group to the tomcat7 user.
now i got a problem that i also need to edit a root:root file, and i really dont want to add the root group to the tomcat7 user, and wondered if there was another way to do that?
Try sudo, but just make a script that runs from there that they can pass params to.
Don't(!) enable an editor via sudo, as its possible to break out into the root shell being run.
hmm i dont think i can run sudo trough java, as i dont want any password stored anywhere, in a accessable program.
however i've been thinking of breaking the program up, and add a service started by root, that manage tasks, given by the main part. by let them communicate trough a socket, it seems like the way i need to do it. but thanks for the idea
|All times are GMT -5. The time now is 11:09 PM.|