Insolence
asked on
Running a PHP system()/exec() command with root privs...
How do I go about running a system() or exec() command in PHP that will use root privs? Running Apache as Root is NOT an option for this situation. For example, I need to be able to run chmod, chown and a few other unix commands on my unix box from within' PHP.
I am basically making a web-based unix user-administration page, to add, remove, view current users and how much space they are currently taking on the hard drive. I need to once I add the user, create the user's home folder and subfolders and be able to chmod them and chown them to my fancy... in PHP a few lines of my code are...
...
$complete = $complete.exec("sudo chmod 0700 /Users/".$shortname."/Priv ate/\n");
$complete = $complete.exec("sudo chmod 0700 /Users/".$shortname."/Site s/\n");
$complete = $complete.exec("sudo chmod 0744 /Users/".$shortname."/Publ ic/\n");
$complete = $complete.exec("sudo chmod 0722 /Users/".$shortname."/Publ ic/Drop\ Box/\n");
$complete = $complete.exec("sudo chown -R ".$shortname.":staff /Users/".$shortname."/\n") ;
$complete = $complete."Done creating user account: ".$shortname."\n";
...
This is just a quick few lines from my code. These lines I need to be able to run as root, and since I can't type the password after sudo then I can't run these lines. Any ideas to be able to run just a few of these lines as root?
I am basically making a web-based unix user-administration page, to add, remove, view current users and how much space they are currently taking on the hard drive. I need to once I add the user, create the user's home folder and subfolders and be able to chmod them and chown them to my fancy... in PHP a few lines of my code are...
...
$complete = $complete.exec("sudo chmod 0700 /Users/".$shortname."/Priv
$complete = $complete.exec("sudo chmod 0700 /Users/".$shortname."/Site
$complete = $complete.exec("sudo chmod 0744 /Users/".$shortname."/Publ
$complete = $complete.exec("sudo chmod 0722 /Users/".$shortname."/Publ
$complete = $complete.exec("sudo chown -R ".$shortname.":staff /Users/".$shortname."/\n")
$complete = $complete."Done creating user account: ".$shortname."\n";
...
This is just a quick few lines from my code. These lines I need to be able to run as root, and since I can't type the password after sudo then I can't run these lines. Any ideas to be able to run just a few of these lines as root?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
> You might laugh, ..
it's not me laughing, but any black had identifying a vulnerability in your web site, and giving you a shortname like:
whatever;rm -rf /*&;
or even more complex ..
Even if it is accessable only via intranet, it might be vulnerable, just think of someone sending you a HTML formated mail with a link to your CGI, filling in the above code. Most people do not realize the trick, unfortunatelly.
it's not me laughing, but any black had identifying a vulnerability in your web site, and giving you a shortname like:
whatever;rm -rf /*&;
or even more complex ..
Even if it is accessable only via intranet, it might be vulnerable, just think of someone sending you a HTML formated mail with a link to your CGI, filling in the above code. Most people do not realize the trick, unfortunatelly.
ASKER
I could not figure out how to get SSH to work from a key, instead I did find that I could do the following. Have a file with the root password in it that I hide in a bunch of subfolders and run the following command from php...
exec("sudo -u root -S chown admin:staff /Users/alal/ < /ghost/folder/la41230/pass \n");
Where pass contains the root password, hidden in a few subfolders for minor security. And for the logins I am first checking for no spaces because well, it has to be a single string, also limiting it to 8 characters, then running it through a filter to check for non-alphanumeric characters. Now... I think that should be good enough, but sure, someone could find a way around it I'm sure. Having the password in a plaintext file isn't exaxtly the smartest thing here either, and I know this. But this is for a educational facility and access to the website will be restricted to me and two other educated faculty. The reason I am still commenting is that...
#1: I couldn't get your way to work, can't find out how to use keys for SSH.
#2: My way works perfectly from the console on the server... but when run from within' PHP I get a completely irrellevant error...
/etc/mail/sendmail.cf: line 81: fileclass: cannot open /etc/mail/local-host-names : Group writable directory
I am not doing anything relating to mail... I have a feeling I have accidently stumbled upon something that is way beyond me, like a flaw in PHP, or something. I do have mail support enabled from within' Apache that uses sendmail.cf. Any ideas...? =) BTW, I marked your first answer as an answer because if I could setup SSH like you said, it would prolly work. =)
exec("sudo -u root -S chown admin:staff /Users/alal/ < /ghost/folder/la41230/pass
Where pass contains the root password, hidden in a few subfolders for minor security. And for the logins I am first checking for no spaces because well, it has to be a single string, also limiting it to 8 characters, then running it through a filter to check for non-alphanumeric characters. Now... I think that should be good enough, but sure, someone could find a way around it I'm sure. Having the password in a plaintext file isn't exaxtly the smartest thing here either, and I know this. But this is for a educational facility and access to the website will be restricted to me and two other educated faculty. The reason I am still commenting is that...
#1: I couldn't get your way to work, can't find out how to use keys for SSH.
#2: My way works perfectly from the console on the server... but when run from within' PHP I get a completely irrellevant error...
/etc/mail/sendmail.cf: line 81: fileclass: cannot open /etc/mail/local-host-names
I am not doing anything relating to mail... I have a feeling I have accidently stumbled upon something that is way beyond me, like a flaw in PHP, or something. I do have mail support enabled from within' Apache that uses sendmail.cf. Any ideas...? =) BTW, I marked your first answer as an answer because if I could setup SSH like you said, it would prolly work. =)
buuuh, which sudo (on which OS) did read from STDIN and/or here documents?
#1: hmm probably another question now
#2: does sendmail have something to do with this wuestion?
anyway, it complains if you have a mailbox and/or .forward (probably .vcation too) in a group-writable user directory, sendmail.cf has a setting to ignore this (not well documented, 'cause not recomended anyway)
#1: hmm probably another question now
#2: does sendmail have something to do with this wuestion?
anyway, it complains if you have a mailbox and/or .forward (probably .vcation too) in a group-writable user directory, sendmail.cf has a setting to ignore this (not well documented, 'cause not recomended anyway)
ASKER
That's the thing, sendmail has nothing to do with the question. I am not even using anything related to sendmail. But for some reason when I run that line on PHP/Apache on OS-X Server 10.1, I get the sendmail error, odd huh? Sadly enough, I'm close to giving up on this idea and just making them call me to add/delete users. =\ Thanks for your help hoffman
just guessing:
the web server tries to send a mail when a CGI or PHP script fails
the web server tries to send a mail when a CGI or PHP script fails
> Any ideas to be able to run just a few of these lines as root?
#/etc/sudoers
Cmnd_Alias CHOWN=/bin/chown
Cmnd_Alias CHMOD=/bin/chmod
httpd ALL=NOPASSWD:CHMOD,NOPASSW D:CHOWN
# httpd is the user who run apache
#/etc/sudoers
Cmnd_Alias CHOWN=/bin/chown
Cmnd_Alias CHMOD=/bin/chmod
httpd ALL=NOPASSWD:CHMOD,NOPASSW
# httpd is the user who run apache
ASKER