What is good practice for writing web applications that control daemons (and their config files)

Question

Can someone suggest some basic advice on dealing with web applications that interact with configuration files like httpd.conf, bind zone files, etc.

I understand that it's bad practice, in fact very dangerous to allow arbitrary execution of code without fully validating it and so on. But say you are tasked to write a small app that allows one to add vhosts to an apache configuration.

Do you have your code execute with full privileges, do you write future variables into a database and have a cron job (with full privileges) execute a script that pulls the vars from the database and throws them into a template config file, etc.

Some thoughts & contributions on this issue would be appreciated.

tl;dr - how can you securely write a web app to update/create entries in a config file like apache's httpd.conf, etc.

Answer 1

I'm not a Unix security guru, but some basic things to think of:

• Make sure your web app runs as a specific user, and make sure that user has privileged rights only to those files which it is supposed to modify.

• Do not allow arbitrary inputs to be added to the files, have strict forms where each field is validated to contain only things it should contain, like a-z and 0-9 only, etc.

• Use HTTPS to access the site.

I'm sure there is more to come from the real gurus.