Solved

Restart httpd and named via PHP (without suexec/as nobody)

Posted on 2006-11-09
8
808 Views
Last Modified: 2010-05-18
I need to restart both BIND and Apache from a PHP script that's running as nobody.  The following two lines don't work:

echo `/usr/sbin/httpd restart`;
echo `/etc/rc.d/init.d/named restart`;

Anyone?
0
Comment
Question by:inxil
  • 3
  • 2
8 Comments
 
LVL 14

Expert Comment

by:Aamir Saeed
ID: 17909518
0
 
LVL 7

Author Comment

by:inxil
ID: 17909559
OK, so I came up with a solution that I think is about as good as it's going to get.  First I updated my sudoers file and added the following:

nobody ALL=(ALL) NOPASSWD: /etc/rc.d/init.d/named reload
nobody ALL=(ALL) NOPASSWD: /usr/sbin/httpd graceful

Then I updated my PHP script accordingly:

echo `sudo /usr/sbin/httpd graceful`;
echo `sudo /etc/rc.d/init.d/named reload`;

This means that the user nobody can gracefully restart apache and reload BIND's database, which is somewhat insecure, but is acceptable.  Does anyone have a better solution?
0
 
LVL 48

Accepted Solution

by:
hernst42 earned 250 total points
ID: 17912792
Yup using sudo is the correct way to do such things
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 14

Assisted Solution

by:Aamir Saeed
Aamir Saeed earned 250 total points
ID: 17913801
You need root to do that. No two ways about it sorry.

Why would you want to restart Apache? Most httpds i know have an option that allows you to reload (meaning: keep running, but reload the configuration file).

I have even more troubble seeing why you would want to restart Bind. Checkout the remote name daemon control (rndc).
0
 
LVL 7

Author Comment

by:inxil
ID: 18197223
I feel like I answered the question myself...
0
 
LVL 7

Author Comment

by:inxil
ID: 18212516
I don't mind giving the points to hernst42 and i_m_aamir, but to those of you looking for a similar solution--the method I described works quite well.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Generating table dynamically is the most common issue faced by php developers.... So it seems there is a need of an article that explains the basic concept of generating tables dynamically. It just requires a basic knowledge of html and little maths…
This article discusses four methods for overlaying images in a container on a web page
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to count occurrences of each item in an array.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now