Hello,
I'm working on an embedded linux project that provides a devices that uses an IPSec VPN (using racoon) to connect back to base. The device also hosts a WebApp that allows admin users to change many aspect of the networking setup, including things like the VPN pre-shared-key, IP addresses and user passwords. This requires the WebApp to be able to access protected files such as /etc/network/interfaces, and racoons psk.txt as well as programs such as usermod.
My question is, what is the best and most secure method of accessing these protected files from the WebApp code?
The WebApp is running through lighttpd, and uses php for the server-side scripting. Currently, php code calls shell scripts (using exec() ) outside of the document-root that then access the files. The shell scripts are owned by the webapp user, and use sudo to access protected files and programs. This requires the webapp user to have permissions in the sudoers files for programs such as cp, cat, and usermod. All of which I believe make this a very insecure system. The only other choice I thought was to setuid the shell scripts.
What would be the normal method of accomplishing such things for a web application? Any advice on a secure method of doing this would be most appreciated.
Thanks very much
Rob