inxil
Restart httpd and named via PHP (without suexec/as nobody)
I need to restart both BIND and Apache from a PHP script that's running as nobody. The following two lines don't work:
echo `/usr/sbin/httpd restart`;
echo `/etc/rc.d/init.d/named restart`;
Anyone?
http://www.phpfreaks.com/apache_manual/page/stopping.html
ASKER
OK, so I came up with a solution that I think is about as good as it's going to get. First I updated my sudoers file and added the following:
nobody ALL=(ALL) NOPASSWD: /etc/rc.d/init.d/named reload
nobody ALL=(ALL) NOPASSWD: /usr/sbin/httpd graceful
Then I updated my PHP script accordingly:
echo `sudo /usr/sbin/httpd graceful`;
echo `sudo /etc/rc.d/init.d/named reload`;
This means that the user nobody can gracefully restart apache and reload BIND's database, which is somewhat insecure, but is acceptable. Does anyone have a better solution?
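A tightened variant of the approach in the post above, as an added example that is not part of the original thread. It assumes PHP 7.4+ and sudoers entries restricted to (root) instead of (ALL); reload_service() and SERVICE_ACTIONS are hypothetical names.

```php
<?php
// Added example; not the asker's code. Assumes PHP 7.4+ (array form of
// proc_open) and these sudoers entries, tightened from (ALL) to (root) so
// "nobody" cannot choose another target user with sudo -u:
//   nobody ALL=(root) NOPASSWD: /etc/rc.d/init.d/named reload
//   nobody ALL=(root) NOPASSWD: /usr/sbin/httpd graceful

// Fixed allow-list: request data may select a key, never a command string.
const SERVICE_ACTIONS = [
    'httpd' => ['/usr/sbin/httpd', 'graceful'],
    'named' => ['/etc/rc.d/init.d/named', 'reload'],
];

/**
 * Run one allow-listed action through sudo and return [exitCode, output].
 * reload_service() is a hypothetical helper name.
 */
function reload_service(string $service): array
{
    if (!isset(SERVICE_ACTIONS[$service])) {
        throw new InvalidArgumentException("unknown service: $service");
    }
    // -n: fail immediately instead of prompting if the sudoers rule is missing.
    $argv = array_merge(['sudo', '-n'], SERVICE_ACTIONS[$service]);
    $pipes = [];
    // The array form executes the program directly, with no shell in between;
    // stderr is redirected into stdout so a single pipe carries all output.
    $proc = proc_open($argv, [1 => ['pipe', 'w'], 2 => ['redirect', 1]], $pipes);
    if (!is_resource($proc)) {
        return [-1, 'could not start sudo'];
    }
    $output = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    return [proc_close($proc), trim($output)];
}

foreach (array_keys(SERVICE_ACTIONS) as $service) {
    [$code, $output] = reload_service($service);
    // Log details server-side rather than echoing command output to the browser.
    if ($code !== 0) {
        error_log("reload of $service failed (exit $code): $output");
    }
    echo htmlspecialchars($service) . ': ' . ($code === 0 ? 'ok' : 'failed') . "\n";
}
```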
ASKER
I feel like I answered the question myself...
ASKER
I don't mind giving the points to hernst42 and i_m_aamir, but to those of you looking for a similar solution--the method I described works quite well.