Lighttpd

you dont want to do that. have a small daemon running as root and your perl app talking to that.

Thx for quick replay.

Indeed this is good idea, but is it only possible one ?

You know - for implementing this I have to arrange v.simple perl client-server setup with ipc.

I would prefer solution based on changing perl execution context from http to root as this will require minimal effort in existing perl scripts.
Is it possible ? (beside changing http server group:user from http:http to root:root. Changing it is bad idea from security point of view :-()

br

sudo

sudo allows you to limit the commands that can be run and even restrict the cmdline.

but make sure you properly escape all arguments that an user can enter. ideally there wont be any user supplied arguments in the list.

Right,

sudo was first thing which I tried.

what I do:

in perl scrip I have:

$cmd = "sudo /sbin/sv restart /var/service/smbd 2&1 2>/dev/null |>";

Well - executing this produces nothing.

If I remove sudo - I get:

Commandline: /sbin/sv restart /var/service/smbd 2>&1 2>/dev/null |
Output: warning: /var/service/smbd: unable to open supervise/ok: access denied

in your cmdline output the sudo is missing :)

double check it is really used.

Well, my post wasn't enough consistent :-p

last 2 lines are lines showing output without sudo.

For cmd with sudo output is following:

Commandline: sudo /sbin/sv restart /var/service/smbd 2>&1 2>/dev/null |
Output:

Strange.