Scripts with root privileges launched from a web browser
Hello,
I am currently developping a web-based administration interface, using php. My question is: How can I launch scripts requiring root privileges from the web browser? Example: an interface to launch snort with a button that will trigger: /etc/init.d/snort start Thanks guys in advance. |
Moved: This thread is more suitable in Programming and has been moved accordingly to help your thread/question get the exposure it deserves.
|
Thank you win32sux :)
I hesitated between putting it here or in the security section, because yes it is more a programming question. But somehow there's a security concern! let me explain: First I used a technique of escalating privileges for running root commands: but having two compiled C programs launched by the web page: the first being owned by www-data, and the second by root with setuid bit. Yes you guessed it : too complicated! But it had the advantage of having multiple C programs running each a specific command (predefined), with a low possibility of seeing a random command run. Now setuid scripts can't be run root. So I'm trying su-php with minuid = 0! but it seems to me a big security concern! Thanks for giving advises! |
Would it help if you sudo the privilages to apache user? (or whoever the web server runs under?)
|
what about an application server?
I use a simple one I knocked up at work for simple intranet CGI stuff. I was using so many network transactions I made a generic app to save rewriting networking code. the CGI makes a client request, the server runs on another machine and deals with it. so the server runs under whomever you want. I have a bunch of scripts in a special location, which are run by the server when requested. It's dead simple. So you need a new command just add a new shell script wrapper and call it from the CGI script. A bit like rsh but a bit safer as the scripts can only be in a certain location. |
A few things here:
https://www.linuxquestions.org/quest...d.php?t=452660 |
Thank you guys very much!
I really appreciate! I'm gonna give it a shot, and think about each suggestion. Thanks again :). |
All times are GMT -5. The time now is 01:10 PM. |