Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: apache user run limited ps command on linux ES 4.0

If i turn SElinux off then apache user is allowed to run ps -ef ( or
other cmd )
The problem is that now the system is less secure.
Im looking for  somthing that will not indanger the system and still
let me use ps command.

Im trying to limit some options in the SELinux suit and see what will
work.

Thanks,
Ori



Roy Schestowitz wrote:
> __/ [ Roy Schestowitz ] on Sunday 14 May 2006 11:27 \__
>
> > __/ [ avivi.ori@xxxxxxxxx ] on Sunday 14 May 2006 07:59 \__
> >
> >> <snip />
> >> I have a perl cgi that works fine on  RH linux 7.2 with httpd 2.0.46
> >> One of the things it do is running the ps -ef command for system
> >> monitoring.
> >>
> >> When i moved that script to RH ES 4.0 with httpd 2.0.52
> >> The apache user is running a limited ps -ef command.
> >> It only showes the apache ps command itself.
> >>
> >> <snip />
> >
> > It is possible that this option is not supported on the new Linux
> > distribution. I suggest that you run:
> >
> > ,----[ Command ]
> > | man ps
> > `----
> >
> > See if -ef is listed among the options. If not, use the existing option to
> > achieve what you are after. Different variants of ps seem to exist, so your
> > mileage may vary. You can install something that is similar to what you
> > used to have.
>
> __/ [ avivi.ori@xxxxxxxxx ] on Sunday 14 May 2006 11:37 \__
>
> >  <snip />
> > The -ef option is avilable. i can use it from prompt.
> > <snip />
>
> __/ [ avivi.ori@xxxxxxxxx ] on Sunday 14 May 2006 14:06 \__
>
> > Well, in the end it was SELinux
> >  <snip />
>
> So I'm assuming it resolved...? Care to elaborate on how this was rectified?
>
> Roy
> 
> PS: Please see http://www.safalra.com/special/googlegroupsreply/


[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index