[thelist] Elevated user access for PHP exec ?

Jared Eikenberg jeikenb at jeikenb.com
Wed Oct 31 07:30:37 CST 2001

I do this with some of our system management scripts that require root
or super-user access. The most secure method of doing this is via the
sudo package. See below for detailed instructions. If you're in a
shared-hosting environment, which I don't believe you are since you have
root access, take a look at my post on Zend's message boards
<http://www.zend.com/phorum/read.php?num=3&id=6927&thread=6922> for more
security measures.

-Jared Eikenberg


If you have sudo setup on your system (most Linux distributions install
it by default [or get it for free at http://www.courtesan.com/sudo/]),
use the `visudo' command to edit your sudoers file (you have have to do
a `find / -name visudo' to find it since it's usually inside a directory
not in your path). Here's an example of what I added to the file to
allow apache (running as httpd:www) to execute the
`/var/qmail/bin/qmail-qstat' and `/var/qmail/bin/qmail-qread' commands:

Cmnd_Alias QMAILQSTAT=/var/qmail/bin/qmail-qstat,

Now, in PHP I can make a system call and execute the `qmail-qstat'
command using:

system("/usr/local/bin/sudo /var/qmail/bin/qmail-qstat", $sysresStats);

-----Original Message-----
From: thelist-admin at lists.evolt.org
[mailto:thelist-admin at lists.evolt.org]On Behalf Of Cameron McCormick
Sent: Wednesday, October 31, 2001 5:51 AM
To: thelist at lists.evolt.org
Subject: [thelist] Elevated user access for PHP exec ?

Im looking for some way to run a php exec or something similar as a root
user (this is for a special application, so I'm not going to hurt
doing this), from what I can gather it is running as httpd from exec'ing
whoami. What would be the best way to let it run as root? is there a
change that needs to be made, or is there something that can be done to
command itself? any help is appreciated.


For unsubscribe and other options, including
the Tip Harvester and archive of TheList go to:
http://lists.evolt.org Workers of the Web, evolt !

More information about the thelist mailing list