I have a requirement to execute a python script as root user through the browser.
I have a PHP web script which I want to shell out of and call a python script (The python script utilizes the selenium firefox web driver to capture automated screenshots). The python script needs to be run under the root environment.
I know it's not recommended to give root access to www-data, but it is the only way I can see that this will work.
The PHP call I am using is shell_exec, then I am trying to pipe a password through so it can be run as root:
shell_exec("echo 'root_password' | sudo -u root -S python /usr/sbin/webdriver 'arg1' 'arg2'");
Is there a way to allow www-data to run the script as root? Preferably I would only like to give Apache root access to this one command, so that I'm not left with a completely vulnerable system - I have heard that the sudoers file can be edited to permit www-data to run certain commands as root? Bare in mind that the python script may invoke several other processes such as firefox, Xvfb etc.
www-data ALL=(ALL) NOPASSWD: executable_full_path
In this example, would the executable_full_path be the path to python? Or the path to my python script?
Nb: I have the default visudo config for Ubuntu 10.04.01 LTS:
# This file MUST be edited with the 'visudo' command as root.
# See the man page for details on how to write a sudoers file.
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL) ALL
# Allow members of group sudo to execute any command after they have
# provided their password
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=(ALL) ALL
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
Thanks and Regards,