Granting apache sudo rights secure?
 

Can someone please share some thoughts on a security situation I have come across while working for a client.

Here a brief description:
I have setup a VPS server, created two accounts to two domains respectively, and in one account I built a tool to manage other accounts. I have been rigorously researching and found information, however not implemented yet, about granting apache sudo rights through an interface on one account, so that it can execute scripts as root to manage installations in other accounts. what I mean this is my tool will use 'rsync' to duplicate installations from any account into any account.

My question for security, is it secure to grant apache sudo rights? I have not resolved successfully granting it permissions, and I would not want to waste my time investigating more on it if it can compromise the system in any way.

In your experience, is it feasible to build such a tool like I described? I have the tool working to copy within account and to addon domains and it works great, but I want it to manage all accounts on the server.

Thank you for your time, your advice is gladly appreciated.

Regards,

- Is there a particular reason to re-invent the wheel when there already exist actively developed, maintained and supported toolkits?
- Who will be authorized and authenticated how to use the tool safely and from where?
- Do you have the necessary coding skills?
- Do you adhere to safe coding standards?
- Do you scrub user input, reject on fail and abort on error?
- Are you aware of the top ten coding mistakes related to the language your toolkit is programmed in?

I am particularly aware and knowledgeable in the questions you posed unSpawn, I am not an expert, rather at intermediate application development. I have made some mistakes along the way, and like everyone else learned from those mistakes. Thank you for those challenging questions.

The last item you mentioned I found very ambitions to learn about and found something useful at: http://www.ibm.com/developerworks/op...pps/index.html which I understood right away.

As far as why I asked this question, well the internet is flooded with information about this particular topic, and I decided to involve myself in forums as a new means to become an expert one day.

Whats the best tool you recommend to copy from one domain account to another domain account within same server? Currently I administer this via root SSH with rsync to copy, then chown to change ownership. I am looking for a GUI so that the non-technical client can administer this.

Looking at recurring themes in for instance PHP, security issues aren't as much related to back-end procedures or tools but front-end ones like input validation and error handling. A lot of errors stem from failing to recite the "What is not explicitly allowed must be denied" mantra. Since you mentioned VPS have you explored use of templates via a OSS VPS panel?