how to let the php/apache have the privileges to execute all the root shell commands
hi
i am new to linux i am working with php and iam trying to execute some commands using the PHP's (exec) command. but the commands didn't work. some simple commands like exec("echo 'test' > /tmp/test.txt"); work successfully while the other doesn't (root based commands). it seem like it has something to do with the SElinux becuase a problem message pop up when iam trying to execute this commands. is the problem with the php or the appache server. and how to make them have the privileges to execute this commands? sorry the answer may be simple but i am new to linux and php. sorry again for taking from your valuable time. |
it seem like the font is larger than what i thought it would be. sorry and hope that doesn't annoy you.
|
Suggest : hit the edit button and change the text.
Big shouting text will often be ignored = no answers. |
how to execute root based shell commands using PHP
hi. i am trying to use sudo to execute openssl commands in php program. the commands doesn’t respond. while the same commands work well in the terminal. the command is as follow.
exec(”openssl req -config /etc/pki_jungle/myCA/openssl.my.cnf -new -keyout /etc/pki_jungle/myCA/private/server.key -nodes -out /etc/pki_jungle/myCA/server.csr -days 365″); the configuration file openssl.my.cnf is modified so that the creation of the signing request is batched and no further input is needed. what is the problem? notice that i have used the absolute pathes :cry: |
Quote:
Quote:
Since you're new to GNU/Linux this all might be a bit too much. Getting acquainted with operating GNU/Linux in general (your distro's docs, Rute, etc), reading documents and (then) asking more informed questions would be a good course of action. Quote:
You have a question and you came to the right place. Just please don't muck with fonts again. |
i am working with fedora 8, i am not sure of the version of the php and the apache server (i think it is version 2). the application that i am trying to make is a small certification authority. in this design the computer should not be connected to other devices. only one device is connected to this computer via the database. the firewall should stop all the other connections.
the php commands doesn't support the CRL so i decided to use the shell script via the php. i am using simple php file that should generate the certificate sign request. the file is as follow Quote:
Quote:
the configuration file openssl.my.cnf is modified so that the creation of the signing request is batched and no further input is needed. notice that i have used the absolute pathes in the command |
ok. how to merge it. please delete this thread and i will continue in the other one. i am so so sorry for the inconvience.
|
Quote:
Quote:
Quote:
|
when i execute the "whoami" via the php. i get the result is apache. and when i use this value in the sudoer file, nothing happen. please suggest me some thing
|
Quote:
Since creating a CA and CRL is a one-off, instead of doing everything through PHP, maybe look into an 'expect' script or a shell 'here document' script driving creation? |
Two related threads have been merged.
|
first,you need to know which user apache is running.(you can know that by viewing the apache configuration file(httpd.conf),for me it is apache user.
second,you need to add root priviliges to that user: using visudo and add this line(you are root): apache ALL=NOPASSWD: ALL then you create a php page to test it: <?php exec("/usr/bin/sudo /sbin/shutdown -r now 2>&1"); ?> if you are using fedora or centos you need to comment out this line using visudo: #Default requiretty good luck to you! |
hi linux newbie. thanks you very much for your note. i was doing all the above procedure except commenting the line
#Default requiretty before commenting the line, the php commands doesn't work when iam using sudo. for example the following command in the php Quote:
thanks again for your help |
another question. someone told me that there is some settings called the htaccess. and said that it is more secure than sudo. what is htaccess. and is it more secure. and how can i use it?
|
Quote:
What you're doing is equivalent to posting your root password on a web page. |
All times are GMT -5. The time now is 03:08 PM. |