a worldritable script lets someone not trusted change such script.
the other thing, the script has sudo rights without a password.
That would be like giving the key to your house to someone unknown.
A matter of time before accidents happen.
I never heard of anyone wanting Apache to be able to shut the server down, but I dont get out much
Ummm… I understand to make the script NOT world writeable…
Yes I am trying to make the script sudo with no pass, but it’s not working.
I need to be able to shut down the server because it seems like the easiest way to interface with the UPS system already in place at the company I am contracting for. If I can have their daemon wget a web page, that seemed secure enough.
How would you do it? Based on $0 budget, of course.
I have either remote access card in the server or have it on a APC for shutting down or rebooting. I never had to think about a php script. Webmin uses a script called shutdown.cgi per haps you can use this?
That shutdown.cgi script would be sweet, but how could I call it without being logged in to webmin? The machine that IS plugged into the master UPS is the only one who knows when it’s time to die, and it needs to get a signal to the others, but there is no network signalling software such as that used by APC, (apcupsd?? IIRC).
And there’s only ONE local port on the UPS to control a machine - and that’s a USB.
SOOoooo, calling shutdown.cgi sounds great. Or my own. Any ideas?