How to run apache as root

christopher_c · 10-17-2007, 01:15 PM

I am aware of the vulnerabilities of doing so, although I am trying to find out how I can run apache root so I can add users through PHP using shell_exec.

TY

The_JinJ · 10-17-2007, 01:29 PM

Could you use sudo?

christopher_c · 10-17-2007, 01:57 PM

Quote:

Originally Posted by The_JinJ

Could you use sudo?

hmm, well, i tried doing:

Code:

<?php

echo shell_exec('whoami');

?>

and got

Code:

apache

as the result.

I then tried doing

Code:

<?php

echo shell_exec('sudo echo hello');

?>

and just got a blank page ><

I tried setting sudo priveleges in etc/sudoers by adding

Code:

apache ALL=(ALL) ALL

but still nothing ><

Any ideas what is wrong?

The_JinJ · 10-17-2007, 03:01 PM

Guess it could be a path problem? What does the error log say?

christopher_c · 10-17-2007, 04:01 PM

i checked my log when i tried running the script that had the code and got the following error :

Code:

Oct 17 19:42:54 localhost sudo(pam_unix)[19054]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=  user=apache

The_JinJ · 10-17-2007, 04:08 PM

Think you may need to set the allowable commands in sudoers?

http://www.gratisoft.us/sudo/man/sudoers.html#examples

EDIT

You have already doh! Ignore above

The_JinJ · 10-17-2007, 04:16 PM

Just a thought - did you use visudo to edit sudoers?

christopher_c · 10-17-2007, 07:53 PM

Quote:

Originally Posted by The_JinJ

Just a thought - did you use visudo to edit sudoers?

I was reading up on the /etc/sudoers file and how they say you MUST use visudo, but if I recall I didnt use it and just used Vi.

Although i might have gone back and went in through visudo...

Would that potentially be the prob?

jonwatson · 10-17-2007, 07:54 PM

Quote:

Originally Posted by christopher_c

hmm, well, i tried doing:

Code:

<?php

echo shell_exec('sudo echo hello');

?>

and just got a blank page ><

I think that's probably predictable. Sudo should prompt you for a password and since you cannot see or answer that prompt, I'm not surprised it bailed.

I have a friend working on something similar. If I remember, I'll ask him how he's doing it.

christopher_c · 10-17-2007, 11:20 PM

Quote:

Originally Posted by jonwatson

I think that's probably predictable. Sudo should prompt you for a password and since you cannot see or answer that prompt, I'm not surprised it bailed.

I have a friend working on something similar. If I remember, I'll ask him how he's doing it.

That would be great help

The_JinJ · 10-18-2007, 12:14 AM

Quote:

Originally Posted by christopher_c

I was reading up on the /etc/sudoers file and how they say you MUST use visudo, but if I recall I didnt use it and just used Vi.

Although i might have gone back and went in through visudo...

Would that potentially be the prob?

visudo checks for syntax errors amongst other stuff
Have a look at the NOPASSWD option
ALso noticed the posix_setuid option in the PHP manual - may be an option - but they are all so insecure

christopher_c · 10-18-2007, 11:03 AM

Code:

echo shell_exec("sudo echo hello");

output: hello

it works!

To be honest, im not 100% sure how it started working, I think there might have been an error in my sudoers file. I went back and used the visudo command and very precisely followed this link http://www.techenclave.com/forums/th...mmand-839.html
to give proper permissions and commands to run.

Thanks again guys, many thanks