How to run a program as root.
 

When a form is submitted from the web, I want to run a program on my linux server to process the submitted data.

Unfortunately, that program must be run as root, but my web server only runs under the user apache.

How do I temporarily switch to root just to run the program in question?

Thx.

Or maybe you have sudo setup, in which case you can just do "sudo program" instead.

You should be aware that processing web forms with a program that has root privileges is very insecure. There's probably a better way to accomplish what you want. If you'd explain what you want to do, I'm sure someone would find a more secure way to set things up.

Regards,

Lotharster

What I'm trying to do is create the ability on my website for users to signup for their own email accounts online. That process requires root privileges.

Wouldn't su -c "program" require a password?

I guess I can just test it out and see what happens.

Yes, it does require a password.
No, you didn't specify that passwordless login was required.

The idea that an anonymous web user has access to a root account any point is just asking for ownage, sorry.

It's not as gloomy as you paint it. As long as the submitted data is sanitized before being used on a command, I don't see the danger.

Let's say the command to add a new email address is:

{mail server home}/bin/vadduser web_data

where web_data is the email address submitted from the web.

What's the worse that could happen?

The user could submit a login name like "newaccount ; /usr/bin/rm -rf /". Of course, it's easy to defend against this when you're aware of it. But sanitizing the submitted data against every possible attack (especially the ones you don't know about) is really hard.

What I#d do is set up sudo. You can specify that the apache user may only execute certain commands as root, and can even configure passwordless access.

I would suggest not trying to reinvent a (flawed from the start) wheel but look into existing SW. It saves you headaches and prolly a server and in return you also get a (hopefully) tried and tested tool, support, etc, etc. There must be packages for just doing that on Freshmeat and Sourceforge.

What about chrooting the apache environment, and let apache run as root.
Or even better setup your mail system to run as the apache user (or some other non privileged user)?
I have no idea of what mail system you're using, but that's probably the way I would have tried to solve it...

I see your point here. However, newaccount ; /usr/bin/rm -rf / clearly won't be acceptable as an email address. An email address has a narrow definition of acceptable characters.

So, while your point is good in general, in my particular case, it doesn't apply.

So, once again, I ask:

If I run as root

{mail server home}/bin/vadduser web_data

where web_data is the email address submitted from the web. What's the worse that could happen?

I have looked with no success.

I'm looking into this idea. I'm not formally trained in Linux, so everybody's input is a major help. Thanks to you all.

Here is what I did finally:

I edited /etc/sudoers file

# visudo

and added the line:

apache ALL=(root) NOPASSWD: {mail server home}/bin/vadduser

So now in my PHP script, I can do:

sudo -u root {mail server home}/bin/vadduser web_data

At least now only the program vadduser can be run as root by apache. Is this still risky? Better ideas welcome.