AnotterKiosk
AnotterKiosk copied to clipboard
Clean up webserver permission handling
Currently, the www-data user (and nginx/webserver) is being able to sudo to the root user. This still requires an exploit in the (relatively small amount of) PHP code on the system, but other issues in PHP-FPM or nginx might endanger the system here.
It's not required to have sudo permissions, if the system statistics reporting would be done by an external service.
See https://github.com/Manawyrm/AnotterKiosk/issues/2#issuecomment-1639644032