September 1st, 2000, 10:40 PM
I'm trying to use the exec() function to call shell scripts that in turn startup various programs under linux.. for example, when someone clicks on a link to restart a particular daemon, the daemon will then simply executed, either through the standalone command of /location/daemon or through the calling of a shell script that essentially performs an identical task.
My problem is that exec() seems to only work through the user "nobody," which the Apache web server is running under. The scripts and programs I'd like to execute are under a user account named "admin."
I've even tried chmod'ing all pertinent files w/ permissions that "nobody" could use to successfully access all necessary commands, without success, as the programs seem to crash whenever I do this..
I realize it'd be a security risk, but would it be possible to use "su" to switch to the "admin" account, and then execute the commands? I couldn't figure out a way to echo back the password to su through exec() or system().. so I failed here, as well..
Any suggestions would be greatly appreciated!
September 3rd, 2000, 05:08 AM
Chances are, you'll have to run Apache as root if you want to be able to do that kinda stuff, and we all know that's probably a bad idea. As for su, you'd have to give 'nobody' suid 0 (wheel) in order to have that become available, and that's still a security risk. I'd say your best bet would be to write a shell script that you call through the php script, something like a middleman, to do the work. Or, you might try to figure a way to do it with Perl... But I'm no perl expert.
To alcohol! The cause of, and solution to, all of life's problems. -- Homer Simpson
September 4th, 2000, 05:18 AM
The way round it is to have two version of PHP, the second needs to be a CGI and suid to root.
chmod u+s filename
Then set up apache so that it calls this version of php using a different extension. Set it up as a virtual host directive. So only you can run it.
Its still a security risk and a big one at that but it will work. You are probably better to use another program and call it from php but this is just one idea