Solved

How to execute commands in php under apache

Posted on 2004-04-18
Last Modified: 2010-03-04
Hello.

I am trying to make my daily work a little bit easier. I am trying to automate some things that I do every day and started looking for a way with php+apache. The problem is that apache runs under apache user and group, and anything I try to execute in the server is being executed by the user apache. So, I won't be able, for example, to create a directory.

I know apache has mkdir function or something like that, but I just gave you the "create directory" as an example, what I need to execute are a lot of commands. Even, I will need to restart daemons like named or httpd, or mysql.

I tried a lot of ways but, all php code is being executed as apache user.

Any help will be appreciated.

Thanks
Pablo
0
Comment
Question by:parturi
5 Comments
 
LVL 10

Expert Comment

by:Mercantilum
ID: 10856464
There is no easy way - some cgi wrappers are available, I would do mine (see below)
- php has to be called from cgi
- the small wrapper will actually execute your php script

1. make this small c program called cgiwrapper.c
To get the user id of php for instance, do
grep php /etc/passwd
This is the first number, e.g.
php:x:123:...
Below uid_for_php would be 123

-------------
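#include <stdio.h>
#include <unistd.h>
#define uid_for_php 123          /* numeric uid from /etc/passwd (example value) */
char *prog = "pathtoyourphp";    /* program to run under that uid */
int main(int argc, char **argv)
{
   argv[0] = prog;
   if (setuid(uid_for_php) != 0) {   /* never exec if the uid switch failed */
      perror("setuid");
      return 1;
   }
   execv(*argv, argv);
   perror("execv");                  /* only reached when execv itself failed */
   return 1;
}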
-------------

2. compile and set attributes as root (cgiwrapper should be either in your cgi-bin dir (called by apache directly) or called by your actual apache cgi)

# you are root...
gcc -O2 cgiwrapper.c -o cgiwrapper
# just in case
chown root cgiwrapper
# set the setuid bit
chmod 4755 cgiwrapper

When cgiwrapper is called, user becomes uid_for_php and it calls 'prog' giving the arguments initially given to cgiwrapper.

3. to test your wrapper

# Put something like '/bin/bash' in 'prog' in your .c program (replace pathtoyourphp)
# recompile , set access rights as 2. above
# just be yourself :)  (under your own id, eg. parturi)
# do
./cgiwrapper
# you should have opened a new bash ... do
id
# you should see your php id (123) for "uid="

After the test, update your cgiwrapper.c again with the actual php program/script to be run in 'prog', and step 2. again


Some people don't like much to have a setuid-program... this one is very simple and short.
The worst that could happen is executing something as 'php' user... not worse than with 'apache' user ;-)
0
 
LVL 6

Expert Comment

by:philjones85
ID: 10861660
you could give the user "apache" root access - probably not a good idea, but would work

or you could give "777" permission to whatever folders that "apache" needs to modify/work in

another thing you might consider trying is running an expect script, have the script log in as a higher priority user, perform whatever commands need to be performed, then log out.
0
 
LVL 1

Author Comment

by:parturi
ID: 10862424
Thanks for answering guys!

philjones85, I won't want 777 permissions to whatever folder is going to be modified. And giving apache root access is extremely dangerous, and even if I want to do that, I have to recompile apache, by default apache won't let you do that. The other suggestion, I don't understand, I am very new at linux-apache.

Mercantilum, I have a couple of questions regarding your option (which I think it could be a solution) if I understood well what it does.

>> - php has to be called from cgi

Suppose I do a form. It means I will have to set the action to the cgi, and set the cgi to call the php page?

>>1. make this small c program called cgiwrapper.c
>>To get the user id of php for instance, do
>>grep php /etc/passwd
>>This is the first number, e.g.
>>php:x:123:...
>>Below uid_for_php would be 123

is it the same uid as if I type the command "id root" ? because I don't have the user php in /etc/passwd, I just used that file to add protected web directories.

uid_for_php which you set it in the example as 123, it must be the uid for root in order to execute commands as root?

This script will take arguments and pass them to the php page? which one will be executed with the uid I set?

Sorry if I ask stupid questions, but I can't understand very well "concepts" yet, I am coming from a windows environment, so.. understand me :))

based on the effort, I will give you more points.

Thank you very much!
Pablo
0
 
LVL 10

Accepted Solution

by:
Mercantilum earned 500 total points
ID: 10862623
a) CGI/PHP : many people put PHP directly in /cgi-bin/ .

In our case we don't have to do that.
Usual cgi calls:
   http://myserver.com/cgi-bin/php?myform.php
Your server call
   http://myserver.com/cgi-bin/cgiwrapper?myform.php
[maybe cgiwrapper could be renamed as a more anonymous name :)]

b) uid

Yes, you can put 0 instead of 123 to get root executing the cgiwrapper.
Actually you could seize the opportunity of this cgiwrapper to do more than calling php (calling a bash or perl script, which calls php after)
Yes, id <user> gives the id, for root it is always 0.
You don't have a user 'php', so take another user or root, do " id user" to get its userid (0 for root).

Yes the script will take the exact same arguments as the one you would have passed to the http://..../php?arg1&arg2 ...

Everything executed with cgiwrapper will have the user id you set in place of uid_for_php.
So if you put 0 (zero) for the call setuid(0), everything will be executed as root.
Try if possible to use another user, as, even if the risk is not that high, it is always dangerous to have a " root " process started from outside... (even if it's only php)

**Some technical things about uid and setuid (linux or unix)
- each user has a number associated to him. do
     cat /etc/passwd
   to see a list of users, you have root:x:uid:gid:...
- the uid 0 is always for root, it gives the system admin rights - can do anything!
- setuid is a special set of an executable access rights allowing during its execution to be someone else
   e.g. you are  'parturi'
   create the cgiwrapper which run another command as defined above, compile it
   do
      ls -l cgiwrapper
    you will see something like
       -rwxr-xr-x    1 parturi     users         1755 Apr  4 12:00 cgiwrapper
     the first rwx is the read write exec for the owner (parturi)
     the 2nd one r-x  is read exec (not write) ok for the group (users)
     3rd one r-x is read exec for all others (not parturi and not group users)
     as 'root' (#) if you do the following:
         chown root cgiwrapper
         chmod 4755 cgiwrapper
         ls -l
     you see some changes:
       -rwsr-xr-x    1 root     users         1755 Apr  4 12:00 cgiwrapper
     rws instead of rwx, and owner is root (not parturi)
     that means that when executed, cgiwrapper can potentially become any user, using setuid(userid)...
 
windows : I understand you :) I'd be glad to help you to like your new linux/unix environment!
0
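
An added example, not part of the thread and not Mercantilum's code: a hardened form of the cgiwrapper discussed in the two answers above, built around the points raised there (the wrapper passes its arguments straight through, and setuid(0) runs everything as root). TARGET_GID, PHP_BIN, SCRIPT_DIR and both function names are assumptions; the environment is replaced rather than inherited, so this form suits the command-line interpreter and not a script that needs CGI variables.

```c
#define _DEFAULT_SOURCE                /* exposes setgroups() in <grp.h> on glibc */
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define TARGET_UID 123                 /* example uid used in the thread */
#define TARGET_GID 123                 /* assumption: that user's primary gid */
#define PHP_BIN    "/usr/bin/php"      /* assumption: absolute interpreter path */
#define SCRIPT_DIR "/var/www/admin/"   /* assumption: root-owned, not writable by apache */

/* Accept only a bare "name.php": no '/', no "..", no leading '-' or '.'. */
int script_name_ok(const char *s)
{
    size_t n = s ? strlen(s) : 0;
    if (n < 5 || n > 64 || s[0] == '-' || s[0] == '.') return 0;
    if (strcmp(s + n - 4, ".php") != 0) return 0;
    return strspn(s, "abcdefghijklmnopqrstuvwxyz0123456789_-.") == n && !strstr(s, "..");
}

/* Drop supplementary groups and gid first, then uid, then confirm it is permanent. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (uid != 0 && setuid(0) == 0) return -1;   /* regaining root must fail */
    return 0;
}

int main(int argc, char **argv)
{
    char path[128];
    char *envp[] = { "PATH=/usr/bin:/bin", NULL };   /* fixed environment only */

    if (argc != 2 || !script_name_ok(argv[1])) {
        fputs("rejected\n", stderr);
        return 1;
    }
    snprintf(path, sizeof path, "%s%s", SCRIPT_DIR, argv[1]);
    if (drop_privileges(TARGET_UID, TARGET_GID) != 0) {
        perror("drop_privileges");
        return 1;
    }
    char *args[] = { PHP_BIN, path, NULL };
    execve(PHP_BIN, args, envp);
    perror("execve");                  /* only reached when execve failed */
    return 1;
}
```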
 
LVL 1

Author Comment

by:parturi
ID: 10862842
Mercantilum, I told you I will give you more points. When I closed the question, I wasn't able to do it. I am going to ask some more things here! Thanks again
0
