Thanks for clearing that up. Since there is no way to feed su a password as a commandline argument, you will have to use some method to feed it a password string as a response to it's prompt. The classical method of doing this is with expect, which is a tool used to anticipate (expect) prompts and other standard output from commands, and to supply input to those commands. You would have to launch, from your PHP script (I'd use Perl here, but that's just me), an expect script which has been contrived to supply the password to su -c at the proper time. A huge hack, IMHO.
An even huger (did I just create a new word?) hack can be contrived using GNU screen, and exploiting its ability to stuff keystrokes/strings into it's console stream. There's an adventure for you.
The sudo/visudo combination seems a lot cleaner to me. It uses a system that was created specifically for the kind of purpose you are using. If your buddies can't follow a simple recipe to get the 'apache' user into the sudoers file, are they ready to be administrators of a system? Doesn't their system already have a GUI tool for administration of users and groups?
As a purely academic exercise, there is much to be learned by doing all of this, and on that level it seems like a worthwhile endeavor. As a practical approach to solving a problem, it doesn't.
Last edited by theNbomr; 06-26-2008 at 10:55 AM.