LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   Need to run a command, as root, from PHP (https://www.linuxquestions.org/questions/linux-server-73/need-to-run-a-command-as-root-from-php-739458/)

tibberous 07-11-2009 05:24 PM
Need to run a command, as root, from PHP
 
I am trying to make a web interface to run chmod commands as root. PHP is run as the apache user.

I thought I could create a shell script as root, set it as 555, and run it from apache - but it doesn't do anything. No errors, no output - nothing at all.

Any idea how I can do this? I am trying not to use sudo, because then they'll be a plain-text version of my server password sitting on the server.

Thanks

j-ray 07-12-2009 05:20 AM
even if the script is owned by root it is still executed by the apache user and still the apache user does not have the permission to change permissions of files that don't belong to him or are set to 0777 anyway...Could you create a group, "chown" the files to the group and make apache user member of that group? sth like that?

unSpawn 07-12-2009 05:36 AM
I wonder if there really is a need for running such an UI in the first place.
Maybe you're trying to find a workaround for things that should be solved differently.
Care to comment on the need to run chmod commands in the first place?


Quote:
Originally Posted by tibberous (Post 3604621)
I am trying to make a web interface to run chmod commands as root. PHP is run as the apache user.
If you're not a seasoned PHP programmer I'd suggest you look at other commonly used PHP-based UI's and see how they have solved things.


Quote:
Originally Posted by tibberous (Post 3604621)
I thought I could create a shell script as root, set it as 555, and run it from apache - but it doesn't do anything. No errors, no output - nothing at all.
Then interspersing your lines with echo statements and tailing the webservers access and error log might help.


Quote:
Originally Posted by tibberous (Post 3604621)
I am trying not to use sudo, because then they'll be a plain-text version of my server password sitting on the server.
See 'man sudoers', look for "NOPASSWD"?

tibberous 07-12-2009 04:24 PM
Quote:
Originally Posted by unSpawn (Post 3604946)
See 'man sudoers', look for "NOPASSWD"?
Can I use the sudoers file to only let the apache one run command, as root, without a password?

I made a program that does the chmoding:

PHP Code:
#include <stdlib.h>
#include <stdio.h>

int main(int argschar *argv[]){
    if(strlen(argv[1])){
        char command[500];
        
        command[0] = (char)NULL;
        strcat(command"chmod 666 -R /var/www/vhosts/");
        strcat(commandargv[1]);
        strcat(command"/httpdocs/*");
        
        printf(command"\n");
        system(command);
    }
    
    return 0;

So, you pass it the name of the site and it fixes the permissions (/fix.bin site.com)

Do I add something like this in the sudoers file?:

apache ALL=NOPASSWD: /fix.bin

I tried it, and then put this in my php script, and it still doesn't work:

echo `sudo -u root -n /test.bin`;

I'm not sure if the -n flag is right or not - I am trying to switch off the password prompt.

unSpawn 07-12-2009 05:47 PM
Quote:
Originally Posted by tibberous (Post 3605421)
PHP Code:
strcat(command"chmod 666 -R /var/www/vhosts/"); 
...and that's why I asked if there really was a need for running an UI in the first place. There clearly is no need: you're trying to be creative the wrong way. DAC rights problems must be solved in the standard way. Unless, in your infinite wisdom, you decide that making directores inaccessable to all or having a world-writable file called "vhosts/" (?!) is somehow standards compliant, please cut the chase and explain the real problem you're having.


All times are GMT -5. The time now is 02:56 PM.