
How to execute commands in php under apache


I am trying to make my daily work a little bit easier. I am trying to automate some things that I do every day and started looking for a way with php+apache. The problem is that apache runs under the apache user and group, and anything I try to execute on the server is being executed by the user apache. So I won't be able, for example, to create a directory.

I know apache has a mkdir function or something like that, but I just gave you "create directory" as an example; what I need to execute are a lot of commands. I will even need to restart daemons like named or httpd, or mysql.

I tried a lot of ways, but all php code is being executed as the apache user.

Any help will be appreciated.

There is no easy way - some cgi wrappers are available, I would do mine (see below)
- php has to be called from cgi
- the small wrapper will actually execute your php script

1. make this small c program called cgiwrapper.c
To get the user id of php for instance, do
grep php /etc/passwd
This is the first number, e.g.
Below uid_for_php would be 123

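#include <unistd.h>
#define uid_for_php 123            /* the uid found with grep above */
char *prog = "pathtoyourphp";
int main (int argc, char **argv)
{
   argv[0] = prog;                 /* run prog with the original arguments */
   if (setuid (uid_for_php) != 0)  /* stop if the uid switch failed */
      return 1;
   execv (*argv, argv);
   return 1;                       /* only reached if execv failed */
}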

2. compile and set attributes as root (cgiwrapper should be either in your cgi-bin dir (called by apache directly) or called by your actual apache cgi)

# you are root...
gcc -O2 cgiwrapper.c -o cgiwrapper
# just in case
chown root cgiwrapper
# set the setuid bit
chmod 4755 cgiwrapper

When cgiwrapper is called, user becomes uid_for_php and it calls 'prog' giving the arguments initially given to cgiwrapper.

3. to test your wrapper

# Put something like '/bin/bash' in 'prog' in your .c program (replace pathtoyourphp)
# recompile , set access rights as 2. above
# just be yourself :)  (under your own id, eg. parturi)
# do
# you should have opened a new bash ... do
# you should see your php id (123) for "uid="

After the test, update your cgiwrapper.c again with the actual php program/script to be run in 'prog', and step 2. again

Some people don't like much to have a setuid-program... this one is very simple and short.
The worst that could happen is executing something as 'php' user... not worse than with 'apache' user ;-)
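
A hardened variant of the wrapper idea from this answer, as an added example that is not code from the thread. It assumes a fixed target path (TARGET is hypothetical), assumes the group id matches the example uid 123, and deliberately ignores request arguments instead of passing argv through.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define TARGET  "/usr/local/bin/site-task"  /* hypothetical fixed program */
#define RUN_UID 123   /* example uid used in the thread */
#define RUN_GID 123   /* assumed: that account's group */

/* Fixed environment: nothing is inherited from the web server's environment. */
static char *const clean_env[] = { "PATH=/usr/bin:/bin", NULL };

/* 1 only if path is absolute, a regular file, owned by root and not writable
   by group or others, so the web server user cannot replace what gets run. */
int target_is_safe(const char *path)
{
    struct stat st;
    if (path[0] != '/' || stat(path, &st) != 0) return 0;
    return S_ISREG(st.st_mode) && st.st_uid == 0 &&
           (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Permanent switch to uid/gid: groups and gid first, uid last, then verify.
   Returns 0 on success, -1 on any failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;   /* root must be gone for good */
    return 0;
}

int main(void)
{
    /* argv from the request is ignored: program and arguments are fixed. */
    char *const args[] = { TARGET, NULL };

    if (!target_is_safe(TARGET) || drop_privileges(RUN_UID, RUN_GID) != 0) {
        fputs("wrapper: refusing to run\n", stderr);
        return 1;
    }
    execve(TARGET, args, clean_env);
    perror("wrapper: execve");
    return 1;
}
```

target_is_safe() checks only the file itself; the directories above it need the same ownership and permissions.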

You could give the user "apache" root access - probably not a good idea, but would work

Or you could give "777" permission to whatever folders that "apache" needs to modify/work in

Another thing you might consider trying is running an expect script, have the script log in as a higher priority user, perform whatever commands need to be performed, then log out.

parturi (Author) Commented:
Thanks for answering guys!

philjones85, I won't want 777 permissions on whatever folder is going to be modified. And giving apache root access is extremely dangerous, and even if I wanted to do that, I would have to recompile apache; by default apache won't let you do that. The other suggestion I don't understand, I am very new at linux-apache.

Mercantilum, I have a couple of questions regarding your option (which I think it could be a solution) if I understood well what it does.

>> - php has to be called from cgi

Suppose I do a form. It means I will have to set the action to the cgi, and set the cgi to call the php page?

>>1. make this small c program called cgiwrapper.c
>>To get the user id of php for instance, do
>>grep php /etc/passwd
>>This is the first number, e.g.
>>Below uid_for_php would be 123

Is it the same uid as if I type the command "id root"? Because I don't have the user php in /etc/passwd, I just used that file to add protected web directories.

uid_for_php which you set it in the example as 123, it must be the uid for root in order to execute commands as root?

This script will take arguments and pass them to the php page? Which one will be executed with the uid I set?

Sorry if I ask stupid questions, but I can't understand very well "concepts" yet, I am coming from a windows environment, so.. understand me :))

based on the effort, I will give you more points.

Thank you very much!
a) CGI/PHP : many people put PHP directly in /cgi-bin/ .

In our case we don't have to do that.
Usual cgi calls:
Your server call
[maybe cgiwrapper could be renamed as a more anonymous name :)]

b) uid

Yes, you can put 0 instead of 123 to get root executing the cgiwrapper.
Actually you could seize the opportunity of this cgiwrapper to do more than calling php (calling a bash or perl script, which calls php after)
Yes, id <user> gives the id, for root it is always 0.
You don't have a user 'php', so take another user or root, do " id user" to get its userid (0 for root).

Yes the script will take the exact same arguments as the one you would have passed to the http://..../php?arg1&arg2 ...

Everything executed with cgiwrapper will have the user id you set in place of uid_for_php.
So if you put 0 (zero) for the call setuid(0), everything will be executed as root.
Try if possible to use another user, as, even if the risk is not that high, it is always dangerous to have a " root " process started from outside... (even if it's only php)

**Some technical things about uid and setuid (linux or unix)
- each user has a number associated to him. do
     cat /etc/passwd
   to see a list of users, you have root:x:uid:gid:...
- the uid 0 is always for root, it gives the system admin rights - can do anything!
- setuid is a special set of an executable access rights allowing during its execution to be someone else
   e.g. you are  'parturi'
   create the cgiwrapper which run another command as defined above, compile it
      ls -l cgiwrapper
    you will see something like
       -rwxr-xr-x    1 parturi     users         1755 Apr  4 12:00 cgiwrapper
     the first rwx is the read write exec for the owner (parturi)
     the 2nd one r-x  is read exec (not write) ok for the group (users)
     3rd one r-x is read exec for all others (not parturi and not group users)
     as 'root' (#) if you do the following:
         chown root cgiwrapper
         chmod 4755 cgiwrapper
         ls -l
     you see some changes:
       -rwsr-xr-x    1 root     users         1755 Apr  4 12:00 cgiwrapper
     rws instead of rwx, and owner is root (not parturi)
     that means that when executed, cgiwrapper can potentially become any user, using setuid(userid)...
windows : I understand you :) I'd be glad to help you to like your new linux/unix environment!
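
The permission strings walked through above, decoded from the mode bits and used to list setuid files in one directory. This is an added example, not code from the thread; the default directory /usr/bin is an assumption.

```c
#define _DEFAULT_SOURCE
#include <dirent.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Render mode bits as ls -l does, e.g. 04755 -> "-rwsr-xr-x". */
void mode_string(mode_t m, char out[11])
{
    static const char rwx[] = "rwxrwxrwx";
    out[0] = S_ISDIR(m) ? 'd' : '-';
    for (int i = 0; i < 9; i++)
        out[i + 1] = (m & (0400 >> i)) ? rwx[i] : '-';
    /* setuid/setgid replace the x column: lower case if x is also set */
    if (m & S_ISUID) out[3] = (m & S_IXUSR) ? 's' : 'S';
    if (m & S_ISGID) out[6] = (m & S_IXGRP) ? 's' : 'S';
    out[10] = '\0';
}

/* List regular files in dir (not recursive) that carry the setuid bit.
   Returns how many were found, or -1 if dir cannot be opened. */
int list_setuid(const char *dir)
{
    DIR *d = opendir(dir);
    struct dirent *e;
    struct stat st;
    char path[4096], ms[11];
    int found = 0;

    if (d == NULL) return -1;
    while ((e = readdir(d)) != NULL) {
        snprintf(path, sizeof path, "%s/%s", dir, e->d_name);
        if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode)) continue;
        if (!(st.st_mode & S_ISUID)) continue;
        mode_string(st.st_mode, ms);
        /* owner uid 0 means the program starts with root's privileges */
        printf("%s uid=%ld %s\n", ms, (long)st.st_uid, path);
        found++;
    }
    closedir(d);
    return found;
}

int main(int argc, char **argv)
{
    return list_setuid(argc > 1 ? argv[1] : "/usr/bin") < 0;
}
```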

parturi (Author) Commented:
Mercantilum, I told you I would give you more points. When I closed the question, I wasn't able to do it. I am going to ask some more things here! Thanks again