[thelist] Elevated user access for PHP exec ?

Jared Eikenberg jeikenb at jeikenb.com
Wed Oct 31 07:30:37 CST 2001


I do this with some of our system management scripts that require root
or super-user access. The most secure method of doing this is via the
sudo package. See below for detailed instructions. If you're in a
shared-hosting environment, which I don't believe you are since you have
root access, take a look at my post on Zend's message boards
<http://www.zend.com/phorum/read.php?num=3&id=6927&thread=6922> for more
security measures.

-Jared Eikenberg

----------

If you have sudo set up on your system (most Linux distributions install
it by default [or get it for free at http://www.courtesan.com/sudo/]),
use the `visudo' command to edit your sudoers file (you may have to do
a `find / -name visudo' to find it since it's usually inside a directory
not in your path). Here's an example of what I added to the file to
allow apache (running as httpd:www) to execute the
`/var/qmail/bin/qmail-qstat' and `/var/qmail/bin/qmail-qread' commands:

---
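# Commands the web server account may run (one logical line)
Cmnd_Alias QMAILQSTAT=/var/qmail/bin/qmail-qstat, /var/qmail/bin/qmail-qread
# httpd may run only those commands as root, without a password prompt
httpd ALL=NOPASSWD: QMAILQSTAT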
---

Now, in PHP I can make a system call and execute the `qmail-qstat'
command using:

system("/usr/local/bin/sudo /var/qmail/bin/qmail-qstat", $sysresStats);


-----Original Message-----
From: thelist-admin at lists.evolt.org
[mailto:thelist-admin at lists.evolt.org]On Behalf Of Cameron McCormick
Sent: Wednesday, October 31, 2001 5:51 AM
To: thelist at lists.evolt.org
Subject: [thelist] Elevated user access for PHP exec ?


I'm looking for some way to run a php exec or something similar as a root
user (this is for a special application, so I'm not going to hurt security
doing this), from what I can gather it is running as httpd from exec'ing a
whoami. What would be the best way to let it run as root? Is there a config
change that needs to be made, or is there something that can be done to the
command itself? Any help is appreciated.

Cameron
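
A small audit for the kind of sudoers rule shown in the reply above, added here as an example (it is not code from the original message): it expands `Cmnd_Alias` entries and flags `NOPASSWD` grants to the web server account that are broader than a fixed absolute path. The sample sudoers text is constructed, and the parser covers only the subset of sudoers syntax used in it.

```python
import re

# Constructed sample: the rule from the post plus one deliberately loose rule.
SAMPLE = """\
Cmnd_Alias QMAILQSTAT=/var/qmail/bin/qmail-qstat, \\
                      /var/qmail/bin/qmail-qread
httpd ALL=NOPASSWD: QMAILQSTAT
httpd ALL=NOPASSWD: /bin/cat /var/log/*, ALL
"""

def logical_lines(text):
    """Join backslash continuations; drop comments and blank lines."""
    for line in re.sub(r"\\\n\s*", " ", text).splitlines():
        line = line.split("#", 1)[0].strip()  # simplification: '#' starts a comment
        if line:
            yield line

def audit(text, user):
    """Return (command, problem) pairs for NOPASSWD commands granted to user."""
    lines = list(logical_lines(text))
    aliases = {}
    for line in lines:
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:
            aliases[m.group(1)] = [c.strip() for c in m.group(2).split(",")]
    rule = re.compile(rf"{re.escape(user)}\s+\S+\s*=\s*(?:\([^)]*\)\s*)?NOPASSWD:\s*(.+)")
    findings = []
    for line in lines:
        m = rule.match(line)
        if not m:
            continue
        for item in (c.strip() for c in m.group(1).split(",")):
            for cmd in aliases.get(item, [item]):  # expand aliases, else literal
                if cmd == "ALL":
                    findings.append((cmd, "grants every command"))
                elif not cmd.startswith("/"):
                    findings.append((cmd, "not an absolute path"))
                elif re.search(r"[*?\[]", cmd):
                    findings.append((cmd, "wildcard in path or arguments"))
                elif " " not in cmd:
                    findings.append((cmd, 'any arguments allowed; append "" to forbid'))
    return findings

if __name__ == "__main__":
    for cmd, problem in audit(SAMPLE, "httpd"):
        print(f"{cmd}: {problem}")
```

In sudoers, a command listed without arguments may be run with any arguments, while a trailing `""` restricts it to being run with none, which is why the two qmail entries are reported with the mildest finding.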

