diff options
author | Egor Tensin <Egor.Tensin@gmail.com> | 2021-02-27 16:00:11 +0300 |
---|---|---|
committer | Egor Tensin <Egor.Tensin@gmail.com> | 2021-02-27 16:00:11 +0300 |
commit | 9257e15f5ec6d8029bd98361f23535aa333850b8 (patch) | |
tree | ce5b646bc76d460dde156d4d7de26f2271123142 /cgi-bin/get.sh | |
parent | merge CGI scripts into one (diff) | |
download | linux-status-9257e15f5ec6d8029bd98361f23535aa333850b8.tar.gz linux-status-9257e15f5ec6d8029bd98361f23535aa333850b8.zip |
Python server can now be run as root
If run as root, the server queries all the users.
Diffstat (limited to '')
-rwxr-xr-x | cgi-bin/get.sh | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/cgi-bin/get.sh b/cgi-bin/get.sh new file mode 100755 index 0000000..ea4f4ce --- /dev/null +++ b/cgi-bin/get.sh @@ -0,0 +1,17 @@ +#!/usr/bin/env bash + +set -o errexit -o nounset -o pipefail + +script_dir="$( dirname -- "${BASH_SOURCE[0]}" )" +script_dir="$( cd -- "$script_dir" && pwd )" +readonly script_dir + +# Python's http.server runs CGI scripts under user nobody. +# This is not what we want unfortunately. +# The best solution I could find so far is to create an entry in +# /etc/sudoers.d, allowing the nobody user to run the real scripts w/ sudo. +if [ "$( id --user --name )" == nobody ]; then + sudo --non-interactive --preserve-env "$script_dir/get.py" +else + "$script_dir/get.py" +fi |