.htaccess style support in existing nginx

Andre Jaenisch andrejaenisch at googlemail.com
Fri Oct 26 08:20:00 UTC 2012


2012/10/25 rahul286 <nginx-forum at nginx.us>:
> Another approach is to add PHP user to sudoers list and allow them to execute only one command "www-data ALL=NOPASSWD: nginx -t && service nginx reload"

Another suggesting to save your idea:
Fetch pen & paper and list commands users would need to change the
things you had in mind.
Then think of (or ask someone) wether it would be possible to do
anything harmful with just using these code.
If no -> Allow users to execute those command.
If yes -> Is your idea realisable in another way?

However, whitelisting (allow just certain commands) is always better
than blacklisting (forbid certain commands).
Maybe you could just save some settings using JSON or so.
But as shown above by Jonathan Matthews be careful of harmful code.

Regards, André



More information about the nginx mailing list