LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Ubuntu
User Name
Password
Ubuntu This forum is for the discussion of Ubuntu Linux.

Notices



Reply
 
Search this Thread
Old 02-06-2012, 12:38 AM   #1
nonshatter
Member
 
Registered: Aug 2010
Location: Hants
Distribution: SLES, Ubuntu, Centos
Posts: 41

Rep: Reputation: 0
Running a single command/script as root user through Apache/PHP


Hello

I have a requirement to execute a python script as root user through the browser.

I have a PHP web script which I want to shell out of and call a python script (The python script utilizes the selenium firefox web driver to capture automated screenshots). The python script needs to be run under the root environment.

I know it's not recommended to give root access to www-data, but it is the only way I can see that this will work.

The PHP call I am using is shell_exec, then I am trying to pipe a password through so it can be run as root:

PHP Code:
shell_exec("echo 'root_password' | sudo -u root -S python /usr/sbin/webdriver 'arg1' 'arg2'"); 
Is there a way to allow www-data to run the script as root? Preferably I would only like to give Apache root access to this one command, so that I'm not left with a completely vulnerable system - I have heard that the sudoers file can be edited to permit www-data to run certain commands as root? Bare in mind that the python script may invoke several other processes such as firefox, Xvfb etc.

Code:
www-data ALL=(ALL) NOPASSWD: executable_full_path
In this example, would the executable_full_path be the path to python? Or the path to my python script?

Nb: I have the default visudo config for Ubuntu 10.04.01 LTS:

Code:
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#

Defaults        env_reset

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL) ALL

# Allow members of group sudo to execute any command after they have
# provided their password
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=(ALL) ALL
#
#includedir /etc/sudoers.d

# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
~
~
Thanks and Regards,
ns

Last edited by nonshatter; 02-06-2012 at 12:53 AM.
 
Old 02-06-2012, 01:34 AM   #2
nonshatter
Member
 
Registered: Aug 2010
Location: Hants
Distribution: SLES, Ubuntu, Centos
Posts: 41

Original Poster
Rep: Reputation: 0
I have managed to get it working!

By editing the sudoers file, I have given www-data root permissions to run the python script:

Code:
# User alias specification
www-data ALL = NOPASSWD: /usr/bin/python,/usr/sbin/webdriver
I am not sure if I need both the path to python and the webdriver script, or if I can remove one of them. Nevertheless, it works and I'm happy.

Cheers,
ns
 
  


Reply

Tags
apache, php, root


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Bash script: su another user and ssh in the single-command Droa Programming 9 10-13-2011 04:43 AM
Running a command as another user in a bash script ran as root? camphor Programming 2 03-29-2009 04:11 PM
running a php script from command line leicaphotos Linux - Newbie 1 10-10-2008 02:24 PM
Running A Single Command In A Script As A Different User Woodsman Slackware 4 06-16-2008 07:08 PM
Running shell script with PHP in Apache mr_scary Programming 2 10-20-2006 05:17 PM


All times are GMT -5. The time now is 04:04 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration