Old 05-11-2006, 06:35 PM   #1
rblampain
Senior Member
 
Registered: Aug 2004
Location: Western Australia
Distribution: Debian 9.2
Posts: 1,106

Rep: Reputation: 48
group creation + adding users without root permission


I have a PHP script that creates directories (and files) according to user input and from a user root directory.
These users belong to a small group of about 20 (let's call these "main users").

The main users need to allow other users (selected by each main user) to write files to these directories by way of an HTML textarea.

The main user needs to create a group for each directory created and add to it the users that are accepted. There is a need to do this without "root" intervention (through scripts) and to make the files written to these directories RO after they have been written.

It looks like ACL could be the solution but it's only executable by root as I understand.

What could the options be?

Thank you for your help.
 
Old 05-11-2006, 06:45 PM   #2
graemef
Senior Member
 
Registered: Nov 2005
Location: Hanoi
Distribution: Fedora 13, Ubuntu 10.04
Posts: 2,379

Rep: Reputation: 148Reputation: 148
Since it is the script that needs the permission, you can give the web server permission in sudoers (but then ensure that your authentication is good!).
 
Old 05-12-2006, 04:54 AM   #3
rblampain
Senior Member
 
Registered: Aug 2004
Location: Western Australia
Distribution: Debian 9.2
Posts: 1,106

Original Poster
Rep: Reputation: 48
I had never used this; it looks like it's what I need. Thank you.
 
Old 05-12-2006, 05:14 PM   #4
rblampain
Senior Member
 
Registered: Aug 2004
Location: Western Australia
Distribution: Debian 9.2
Posts: 1,106

Original Poster
Rep: Reputation: 48
I can't get it to work.
I have run visudo and the /etc/sudoers file has these 2 lines:
root ALL=(ALL) ALL
www-data ALL=(ALL) ALL
(Apache2 runs as www-data:www-data)

I added these 2 lines in the php script and tried some other variations that didn't work.
exec('sudo chown($name,chair)');
exec('sudo chgrp($name,meetings)');
What's the correct way of doing this?
Thank you for the assistance.
 
Old 05-12-2006, 05:33 PM   #5
graemef
Senior Member
 
Registered: Nov 2005
Location: Hanoi
Distribution: Fedora 13, Ubuntu 10.04
Posts: 2,379

Rep: Reputation: 148Reputation: 148
It's been a while since I did something like this but I think that you also need to add the NOPASSWD tag, so that you have something like the following in your sudoers file:

www-data ALL = NOPASSWD: useradd, groupadd

You may wish to add more commands, and you may need to add the full path.
 
Old 05-12-2006, 08:55 PM   #6
aluser
Member
 
Registered: Mar 2004
Location: Massachusetts
Distribution: Debian
Posts: 557

Rep: Reputation: 42
For the paranoid:

Do be aware that this solution will mean a vulnerable or malicious PHP or CGI script can probably root your machine; even if you restrict its sudo privileges to the commands useradd and groupadd, it's hard to say that those commands have no dangerous combination of arguments (e.g., can useradd add a user with uid 0?).
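The concern in the last reply, that sudo rights on useradd and groupadd leave dangerous argument combinations open, can be narrowed by granting www-data a single root-owned wrapper that validates its arguments before touching the account database. This is an added example, not code from any poster in this thread; the helper path, the `mtg_` group prefix and the UID floor of 1000 are assumptions.

```shell
#!/bin/sh
# Hypothetical helper: install root-owned, mode 0755, e.g. as
# /usr/local/sbin/meeting-group (name and path are assumptions).
# sudoers entry (edit with visudo) granting only this one command:
#   www-data ALL = (root) NOPASSWD: /usr/local/sbin/meeting-group
LC_ALL=C; export LC_ALL
PATH=/usr/sbin:/usr/bin:/sbin:/bin; export PATH

PREFIX=mtg_      # assumed naming scheme: the web app only manages mtg_* groups
MIN_UID=1000     # assumed first non-system UID on this host

# Lowercase letter first, then [a-z0-9_], at most 31 chars. This rejects
# a leading '-' (option injection), spaces, ',', ':' and shell metacharacters.
valid_name() {
    case "$1" in
        ''|[!a-z]*|*[!a-z0-9_]*) return 1 ;;
    esac
    [ "${#1}" -le 31 ]
}

# Group must be well-formed AND carry the prefix, so "root", "sudo", "adm"
# and every other group outside the mtg_ namespace stay out of reach.
managed_group() {
    valid_name "$1" || return 1
    case "$1" in
        "$PREFIX"?*) return 0 ;;
    esac
    return 1
}

# User must already exist with UID >= MIN_UID, which excludes root (uid 0)
# and low-numbered system accounts.
allowed_user() {
    valid_name "$1" || return 1
    uid=$(id -u "$1" 2>/dev/null) || return 1
    [ "$uid" -ge "$MIN_UID" ]
}

main() {
    case "$1" in
        create) managed_group "$2" || { echo "bad group" >&2; return 2; }
                groupadd "$2" ;;
        add)    allowed_user "$2" && managed_group "$3" ||
                    { echo "bad user or group" >&2; return 2; }
                gpasswd -a "$2" "$3" ;;
        *)      echo "usage: $0 create GROUP | add USER GROUP" >&2; return 2 ;;
    esac
}

# Run only when invoked with arguments.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

From PHP, pass each argument through `escapeshellarg()` when building the sudo command line; the wrapper validates independently, so a bug in the web code cannot widen what root will do.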
 
  

