LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 05-14-2012, 04:31 PM   #1
Droa
Member
 
Registered: Oct 2011
Location: ~
Distribution: Debian 7
Posts: 60

Rep: Reputation: Disabled
how can i write to a root:root 750 file with a non-root user?


hey guys, so i am trying to setup a gateway server, with a debian, using iptables as my firewall / router system.

problem is, i've made a WebInterface for it, that does the same as TurtleFirewall, but with less advanceness in it, as the people why want to use it, does not know a single thing about iptables, or command lines.

so my webinterface is running on a Apache2 service, with PHP5 scripting.

it generates a file called /var/nonpublic/router/iptables.new.rules

and i want to push thouse rules into action, when they are made.

but ofcasue i run the apache2 service as a restriced user, as it would be wierd otherwise.. and i wondereed if there was a way to, push them into action?

i've been thinking on a root cron job, running in a 1 minute interval, but i really wanted another way?

how does webmin do it? or any other webinterface, that writes to SuperUser files?
 
Old 05-14-2012, 07:49 PM   #2
Kustom42
Senior Member
 
Registered: Mar 2012
Distribution: Red Hat
Posts: 1,568

Rep: Reputation: 411Reputation: 411Reputation: 411Reputation: 411Reputation: 411
There are some HUGE security risks by doing what you are doing but there are a few ways to skin this cat.

You can first look at using the setuid/setgid permissions. In Linux the octal permission set is actually 4 digits with the first digit allowing you to set special permissions like setuid and setgid.

Take a look at http://www.cyberciti.biz/faq/unix-bs...x-setuid-file/

A more secure, but still vulnerable, way to go about it is using the suphp extension which allows PHP to run certain scripts and files as the owner of the file, in this case root.

See www.suphp.org and http://www.howtoforge.com/apache2_suphp_php4_php5
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] how can i remount root filesystem as read/write after modify readonly-root file jcwkyl Linux - Newbie 3 12-21-2010 10:40 PM
How can I have a script owned as root and run as root by a user: setuid? stickey bit? abefroman Linux - Newbie 9 04-19-2008 05:15 PM
why lftp command run failed when user isn't root, but ok when logining as root steven_yu Linux - Software 0 06-06-2007 08:36 PM
root files: create as root:root or root:wheel? pcass Linux - Security 1 02-07-2004 04:14 PM


All times are GMT -5. The time now is 03:38 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration