[CentOS] running CGI scripts with SELinux=ENFORCING with privileged commands ...

Sun Aug 21 10:01:34 UTC 2016
Walter H. <Walter.H at mathemainzel.info>

On 20.08.2016 23:59, Jonathan Billings wrote:
>> On Aug 20, 2016, at 15:00, Walter H.<Walter.H at mathemainzel.info>  wrote:
>>
>> Hello,
>>
>> how could it be achieved to run
>> e.g.
>> shutdown -h now
>> from a CGI script on a system where SELinux is set to ENFORCING?
>
> Short answer: don't.   You could probably create a custom selinux policy that allowed it but you'd be opening your system up to more security issues.
>
> If it were me, I'd have the cgi drop a file in a known location, and have an external process (possibly started through cron) monitor the file, then run shutdown conditionally.
>
>
I thought of such a mechanism; I also want to show some states which 
also need privileged rights
e.g.  arp,  iptables -L -n -v, ...
but these are many write accesses to the disk, shutdown/restart just 
generate one write access by the CGI script
and the cron job deletes this generated file and does the shutdown or 
restart

where is the "best" directory I could do this "communication"?
e.g. /var/lib/box?

Thanks,
Walter
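
The drop-file mechanism discussed in this thread, sketched as the cron-side half; this is an added example, not code from either poster. The file name `request`, the `halt`/`reboot` keywords, the `apache` account and the `--run` switch are assumptions; `/var/lib/box` is only the directory floated in the question.

```shell
#!/bin/sh
# Added example: root-owned cron job that consumes a request file written by the CGI.
# The CGI stays unprivileged and only writes one keyword; this script decides what runs.
# Assumption: under SELinux the directory carries a label the CGI may write to
# (for instance httpd_sys_rw_content_t); the thread does not settle this.
SPOOL_DIR="${SPOOL_DIR:-/var/lib/box}"        # directory suggested in the post
CGI_USER="${CGI_USER:-apache}"                # assumed account the CGI runs as
SHUTDOWN_CMD="${SHUTDOWN_CMD:-/sbin/shutdown}"

# Prints the action taken: none | rejected | halt | reboot
process_request() {
    req="$SPOOL_DIR/request"                  # hypothetical file name
    # No request pending (a dangling symlink still counts as "something there")
    [ -e "$req" ] || [ -L "$req" ] || { echo none; return 0; }
    # Refuse symlinks, directories, FIFOs: only a plain file is a valid request
    if [ -L "$req" ] || [ ! -f "$req" ]; then
        rm -f -- "$req"; echo rejected; return 0
    fi
    owner=$(stat -c %U "$req")
    size=$(stat -c %s "$req")
    # Read a bounded amount; the content is compared, never executed
    word=$(head -c 16 "$req" | head -n 1)
    # Consume the request before acting so it cannot fire again after reboot
    rm -f -- "$req"
    if [ "$owner" != "$CGI_USER" ] || [ "$size" -gt 16 ]; then
        echo rejected; return 0
    fi
    # Fixed allow-list: the file selects an action, it never supplies arguments
    case "$word" in
        halt)   "$SHUTDOWN_CMD" -h now; echo halt ;;
        reboot) "$SHUTDOWN_CMD" -r now; echo reboot ;;
        *)      echo rejected ;;
    esac
}

# From cron: * * * * * /usr/local/sbin/box-watch --run   (path is hypothetical)
if [ "${1:-}" = "--run" ]; then
    process_request >/dev/null
fi
```

The same pattern does not fit the read-only status commands (`arp`, `iptables -L -n -v`) as directly, since their output has to travel back to the CGI.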