Another sudoers question
I know that there have been many sudoers questions on forums and here's another one. I'm trying to write a PHP script that creates a file and changes back ownership to the user of the workstation. The problem I am having is that I can't change ownership from apache to myself. I tried running a system command thinking that because the apache server was the owner of the file, one should be able to change ownership of the file it created. Wrong. A coworker told me that you still needed to log on as root. I didn't want the end user of this script to have to log in as root. The process should be a black box for them. I then tried to alter the sudoers file to allow apache to use chown. This didn't work so I tried to allow apache to do everything ("apache ALL = NOPASSWD: ALL"). That still didn't work.

How do I allow apache access to be able to change ownership of a file it created in a PHP script to the user of the workstation? Do I need commands in the sudoers file in addition to the aforementioned one? Here is a simple PHP script that describes what I am doing:
PHP Code:
<?php shell_exec("touch test.txt;chown duffyg test.txt"); ?>
After editing the sudoers file, I tried the command 'sudo -u chown duffyg test.txt' in place of the command you see in the script. Thanks |
I suspect the syntax of the line you added into /etc/sudoers is wrong.
It should look like:
Code:
apache ALL=(ALL) NOPASSWD: ALL
The command you should use (once the sudoers file is properly edited) is:
Code:
$ sudo chown duffyg:duffyg test.txt
|
Thanks for the help Yas.
This did not work. Apache still owns the file after I changed the sudoers file and ran the script... |
What distro/version are you using?
Have you tried to run the command in my previous post from the terminal (that is, not via your script)? Also, post the contents of your /etc/sudoers |
1. Check what user apache is running as: it may be http or www. Run top or check the /etc/passwd file.
2. Amend that line in sudoers to only allow the chown cmd. 'ALL' is extremely dangerous if anyone manages to exploit your apache.
3. If this only needs to run on this one machine, don't specify ALL, e.g.
Code:
apache <your_system>=(root) NOPASSWD: /bin/chown
Incidentally, your sudoers file has a lot of ALL users run ALL cmds everywhere as anyone... are you sure you want that?? |
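Added example (not part of the thread, not any poster's code): a small shell audit for the advice in the post above about narrowing the apache rule. It classifies each sudoers rule for one account as any-command, any-arguments or pinned. The sample rules, the host name web01 and the file path are constructed, and it assumes one rule per line with a single command (no aliases or comma lists).

```shell
#!/bin/sh
# Added example: classify sudoers rules for one account.
# Assumes one rule per line with a single command (no aliases, no comma lists).

# Constructed sample rules; host web01 and the file path are hypothetical.
sample_sudoers() {
cat <<'EOF'
# constructed sample for the audit below
root    ALL=(ALL) ALL
apache  ALL=(ALL) NOPASSWD: ALL
apache  web01=(root) NOPASSWD: /bin/chown
apache  web01=(root) NOPASSWD: /bin/chown duffyg\:duffyg /var/www/html/test.txt
EOF
}

# Usage: audit_sudoers ACCOUNT < sudoers-text
# Prints "<line> <passwd|nopasswd> <any-command|any-arguments|pinned>" per rule.
audit_sudoers() {
  awk -v user="$1" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
    $1 != user { next }                          # rules for other accounts
    {
      spec = $0
      if (!sub(/^[^=]*=[ \t]*/, "", spec)) next  # drop "account host="
      sub(/^\([^)]*\)[ \t]*/, "", spec)          # drop "(runas)"
      auth = (spec ~ /^NOPASSWD:/) ? "nopasswd" : "passwd"
      sub(/^[A-Z_]+:[ \t]*/, "", spec)           # drop a leading tag
      sub(/[ \t]+$/, "", spec)                   # drop trailing blanks
      if (spec == "ALL")           scope = "any-command"
      else if (spec !~ /[ \t]/)    scope = "any-arguments"
      else                         scope = "pinned"
      printf "%d %s %s\n", NR, auth, scope
    }'
}

sample_sudoers | audit_sudoers apache
```

A rule that names /bin/chown with no arguments still lets the account change the owner of any file as root, so the pinned form (with the ':' escaped as sudoers requires in command arguments) is the one to aim for.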