Running a PHP system()/exec() command with root privs...

Posted on 2003-03-31
Medium Priority
Last Modified: 2013-12-04
How do I go about running a system() or exec() command in PHP that will use root privs?  Running Apache as Root is NOT an option for this situation.  For example, I need to be able to run chmod, chown and a few other unix commands on my unix box from within' PHP.

I am basically making a web-based unix user-administration page, to add, remove, view current users and how much space they are currently taking on the hard drive.  I need to once I add the user, create the user's home folder and subfolders and be able to chmod them and chown them to my fancy...  in PHP a few lines of my code are...

         $complete = $complete.exec("sudo chmod 0700 /Users/".$shortname."/Private/\n");
         $complete = $complete.exec("sudo chmod 0700 /Users/".$shortname."/Sites/\n");
         $complete = $complete.exec("sudo chmod 0744 /Users/".$shortname."/Public/\n");
         $complete = $complete.exec("sudo chmod 0722 /Users/".$shortname."/Public/Drop\ Box/\n");
         $complete = $complete.exec("sudo chown -R ".$shortname.":staff /Users/".$shortname."/\n");
         $complete = $complete."Done creating user account: ".$shortname."\n";

This is just a quick few lines from my code.  These lines I need to be able to run as root, and since I can't type the password after sudo then I can't run these lines.  Any ideas to be able to run just a few of these lines as root?
Question by:Insolence
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
LVL 51

Accepted Solution

ahoffmann earned 500 total points
ID: 8245465
setup ssh to accept logins with keys, then generate a secret-public key pair with sshkeygen and use the pulic key to login as root

  $complete = $complete.exec("ssh root@host -i /path/to/pulic/key chmod 0700 /Users/".$shortname."/Private/\n");

I'd suggest that you carefully check $shortname before passing it through to the system !

Author Comment

ID: 8247103
I am doing a lot of checking above that code hoffmann.  Any scripts that chmod and chown I am pretty careful with.  =)  You might laugh, but this is actually for OS-X in a very multi-user environment.  I have a netinfo server which this script is going on, and it will store user's logins and personal files and allow users to login over the network with the right credentials from other OS-X machines.  Anyway, I am going to try your idea now.  I never would have though to try SSH.  I assume it is the answer though.  I'll be back on in a few min once I figure out if that worked for me or not.
LVL 51

Expert Comment

ID: 8247187
> You might laugh, ..
it's not me laughing, but any black had identifying a vulnerability in your web site, and giving you a shortname like:

   whatever;rm -rf /*&;

or even more complex ..
Even if it is accessable only via intranet, it might be vulnerable, just think of someone sending you a HTML formated mail with a link to your CGI, filling in the above code. Most people do not realize the trick, unfortunatelly.
Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.


Author Comment

ID: 8247686
I could not figure out how to get SSH to work from a key, instead I did find that I could do the following.  Have a file with the root password in it that I hide in a bunch of subfolders and run the following command from php...

exec("sudo -u root -S chown admin:staff /Users/alal/ < /ghost/folder/la41230/pass\n");

Where pass contains the root password, hidden in a few subfolders for minor security.  And for the logins I am first checking for no spaces because well, it has to be a single string, also limiting it to 8 characters, then running it through a filter to check for non-alphanumeric characters.  Now... I think that should be good enough, but sure, someone could find a way around it I'm sure.  Having the password in a plaintext file isn't exaxtly the smartest thing here either, and I know this.  But this is for a educational facility and access to the website will be restricted to me and two other educated faculty.  The reason I am still commenting is that...

#1: I couldn't get your way to work, can't find out how to use keys for SSH.
#2: My way works perfectly from the console on the server... but when run from within' PHP I get a completely irrellevant error...
/etc/mail/sendmail.cf: line 81: fileclass: cannot open /etc/mail/local-host-names: Group writable directory

I am not doing anything relating to mail... I have a feeling I have accidently stumbled upon something that is way beyond me, like a flaw in PHP, or something.  I do have mail support enabled from within' Apache that uses sendmail.cf.  Any ideas...?  =)  BTW, I marked your first answer as an answer because if I could setup SSH like you said, it would prolly work.  =)
LVL 51

Expert Comment

ID: 8248538
buuuh, which sudo (on which OS) did read from STDIN and/or here documents?

#1: hmm probably another question now
#2: does sendmail have something to do with this wuestion?
    anyway, it complains if you have a mailbox and/or .forward (probably .vcation too) in a group-writable user directory, sendmail.cf has a setting to ignore this (not well documented, 'cause not recomended anyway)

Author Comment

ID: 8249199
That's the thing, sendmail has nothing to do with the question.  I am not even using anything related to sendmail.  But for some reason when I run that line on PHP/Apache on OS-X Server 10.1, I get the sendmail error, odd huh?  Sadly enough, I'm close to giving up on this idea and just making them call me to add/delete users.  =\  Thanks for your help hoffman
LVL 51

Expert Comment

ID: 8252697
just guessing:
  the web server tries to send a mail when a CGI or PHP script fails

Expert Comment

ID: 8660610
> Any ideas to be able to run just a few of these lines as root?


Cmnd_Alias      CHOWN=/bin/chown
Cmnd_Alias      CHMOD=/bin/chmod


# httpd is the user who run apache

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…
Suggested Courses
Course of the Month14 days, 17 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question