
Re: Reloading/probing named as a non-root user
On Thu, 29 Mar 2001, Andreas Lund wrote:

>
> I'm writing a CGI script to maintain DNS zone files via web, and it's coming
> along just great. Now I want to let admin users reload the zone files, but I
> can't figure out how to do it. Here's what I tried:
>
> 1. As root, I created a tiny shell script called "reload":
> #!/bin/sh
> /etc/rc.d/init.d/named reload
>
> 2. I made it executable:
> chmod +x reload
>
> 3. I made it SUID:
> chmod u+s reload
>
SUID does not work on scripts, only programs.
>
> 4. I changed to the web server user:
> su - nobody
>
> But when I try to run the script:
> ndc: error: ctl_client: evConnect(fd 3): Connection refused
> ndc: error: cannot connect to command channel (/var/run/ndc)
>
> Any idea how I can get around this problem? For now, I reload named every 24
> hours via cron but this is not an ideal solution.
>
>
> Andreas Lund (floyd@atc.no)
> -- Tel: +47 90.07.71.62 / +47 63.88.33.56
> Ano-Tech Computers (http://www.atc.no/)
> ** Western civilization? I think it's a good idea **
>
>
One way to do it would be to have a flag file that signals that a reload
is needed, and a cron job that runs every n minutes that issues a
"/usr/sbin/ndc reload" command and clears the flag file.  You could also
check the modified date on the zone files, and use that as your reload
flag.

Mikkel
-- 

    Do not meddle in the affairs of dragons,
 for you are crunchy and taste good with ketchup.
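A sketch of the flag-file cron agent Mikkel describes, added here as an example (it is not code from the thread): the CGI running as nobody only creates the flag file, and a cron job running as root polls it, reloads, and clears it. The file paths, the script name and the environment-variable overrides are assumptions.

```shell
#!/bin/sh
# Added example: root cron job that performs the reload on behalf of the
# unprivileged CGI. Runs e.g. every 5 minutes from root's crontab.
# The CGI (user "nobody") needs write access only to the flag file's
# directory; it never runs ndc itself and no SUID script is involved.
# All paths below are assumptions and can be overridden via environment.
FLAG_FILE="${FLAG_FILE:-/var/run/named-reload.flag}"
STAMP_FILE="${STAMP_FILE:-/var/run/named-reload.stamp}"
ZONE_DIR="${ZONE_DIR:-/var/named}"
RELOAD_CMD="${RELOAD_CMD:-/usr/sbin/ndc reload}"

# Returns 0 when a reload is due: the flag file exists, or a zone file has
# been modified since the stamp left by the last successful reload.
# Only the flag's existence is used; its content is never read or executed.
reload_needed() {
    [ -e "$FLAG_FILE" ] && return 0
    if [ -e "$STAMP_FILE" ]; then
        # find -newer lists files with an mtime later than the stamp's
        [ -n "$(find "$ZONE_DIR" -type f -newer "$STAMP_FILE" 2>/dev/null)" ]
    else
        # no reload recorded yet: reload once if any zone file exists
        [ -n "$(find "$ZONE_DIR" -type f 2>/dev/null)" ]
    fi
}

# Runs the reload; clears the flag and refreshes the stamp only on success,
# so a failed reload is retried on the next cron run instead of being lost.
do_reload() {
    if $RELOAD_CMD; then
        rm -f "$FLAG_FILE"
        touch "$STAMP_FILE"
        return 0
    fi
    return 1
}

main() {
    if reload_needed; then
        do_reload
    fi
}

# crontab entry (assumed): */5 * * * * /usr/local/sbin/reload-agent.sh run
if [ "${1:-}" = "run" ]; then
    main
fi
```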
