António José (ajose) wrote,

Columbus Egg!

That's really a Columbus Egg!

I've been thinking throughout this whole application that the methods that I'm using to get unprivileged users to do things that only the root user should do are not good.
But so far, the only idea I had was to write a daemon that would run as root and carry out the commands an unprivileged user would request.
And to do that over a TCP network connection.

Right, that's a good idea.
In this case I don't have to care whether the daemon is on the same server as the one where I'm running the web interface, and that has a lot of positive points.
But for this application it is overkill, and I would have to set up a number of security measures to ensure that no one outside the allowed servers would be able to use it.

And then it struck me... Why not use a named pipe?
They are buffers for inter-process communication (IPC) and are there and available.
And, with them, there is no problem of access from another server, as they only work inside a single computer.

So, I think, that is the answer!
It's not going into the version I'm writing at the moment (it would require quite a lot of rewriting and I'm already too far behind the original schedule). But after this version is ready, I'll rewrite it to use this.

Now, I'm going for a little test just to see if it all works as expected!
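
The named-pipe design described above, sketched as an added example (not the author's code): the root daemon owns a FIFO that the web user's group can only write to, and each request is a keyword looked up in a fixed allowlist, so nothing the unprivileged side writes is ever interpreted as a command line. The allowlist entries, the paths and the 0620 mode are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Hypothetical allowlist: request keyword -> fixed argv the root daemon may run.
ALLOWED = {
    "restart-web": ["/usr/sbin/service", "apache2", "restart"],
    "rotate-logs": ["/usr/sbin/logrotate", "-f", "/etc/logrotate.conf"],
}
MAX_LINE = 64  # longer request lines are rejected outright


def create_fifo(path, mode=0o620):
    """Create the FIFO: owner (daemon) read/write, group (web user) write-only."""
    old_umask = os.umask(0)          # so the mode is applied exactly as given
    try:
        os.mkfifo(path, mode)        # raises FileExistsError on a pre-planted path
    finally:
        os.umask(old_umask)
    return stat.S_IMODE(os.lstat(path).st_mode)


def resolve(line):
    """Return the fixed argv for a request line, or None if not allowlisted."""
    if len(line) > MAX_LINE:
        return None
    return ALLOWED.get(line.strip())


def drain(fd):
    """Read what is pending on the FIFO and resolve each line."""
    data = os.read(fd, 4096).decode("ascii", errors="replace")
    return [resolve(line) for line in data.splitlines()]


def demo():
    """Constructed round trip in a temp dir; no command is executed."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "requests.fifo")
        mode = create_fifo(path)
        rfd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)   # daemon side
        wfd = os.open(path, os.O_WRONLY | os.O_NONBLOCK)   # web-app side
        os.write(wfd, b"restart-web\nrestart-web; id\nrotate-logs\n")
        results = drain(rfd)
        os.close(wfd)
        os.close(rfd)
        return mode, results
```

A real daemon would open the FIFO in blocking mode and pass each resolved argv to `subprocess.run` without a shell; a FIFO carries no sender identity, so the file's owner, group and mode are the only access control.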
