LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Programming (http://www.linuxquestions.org/questions/programming-9/)
-   -   Is their a way to run a command as root..or another user.. in php (http://www.linuxquestions.org/questions/programming-9/is-their-a-way-to-run-a-command-as-root-or-another-user-in-php-19310/)

BaerRS 04-24-2002 08:37 AM

Is their a way to run a command as root..or another user.. in php
 
Is their a way to run a command as root..or another user.. in php

I know their are a log of security issues with allowing this.. I will tighten down security after I get it to work.

He is what I am trying to do.
I have squid & squid guard set up..

in squids redirect url.. (on the same box).. I would like to modify a checked/domain list (I'm currently doing this manually... though I think I know how to do this ..or at least the book I have does.) after it is modified I need to run the fallowing...

--update--
#!/bin/sh
./squidguard -C all #or a specific db.. but all covers... all
/etc/init.d/squid restart

I can run this as root or as squid..

I did create a test script which just copied some files in the /tmp dir..
--test--
#!/bin/sh
echo "this is a test"
cp /usr/local/httpd/htdocs/Block.html /tmp/Block.html

I can run this.. and it works with the fallowing....

<?php
$command="./test";
system($command);
?>

akohlsmith 04-24-2002 09:42 AM

sudo is your friend here
 
Sudo should be able to make short work of this problem. 'man sudo' for more help.

Basically it allows you to create a list of commands which may be run as other users by users. with sudo you can allow user 'nobody' (usually what apache runs as) to run squidguard but if someone were to get a shell on your system as nobody (remote exploit, etc.) they would not be able to run any other commands as root.

Unless, that is, they use a local root exploit. :-)

Syncrm 04-25-2002 02:38 PM

you also might want to consider scgi-wrappers. they'll allow certain cgi (php) scripts to act as a different user... you have to be the apache admin to install though.


All times are GMT -5. The time now is 05:36 AM.