Solved

Restart httpd and named via PHP (without suexec/as nobody)

Posted on 2006-11-09
8
806 Views
Last Modified: 2010-05-18
I need to restart both BIND and Apache from a PHP script that's running as nobody.  The following two lines don't work:

echo `/usr/sbin/httpd restart`;
echo `/etc/rc.d/init.d/named restart`;

Anyone?
0
Comment
Question by:inxil
  • 3
  • 2
8 Comments
 
LVL 14

Expert Comment

by:Aamir Saeed
ID: 17909518
0
 
LVL 7

Author Comment

by:inxil
ID: 17909559
OK, so I came up with a solution that I think is about as good as it's going to get.  First I updated my sudoers file and added the following:

nobody ALL=(ALL) NOPASSWD: /etc/rc.d/init.d/named reload
nobody ALL=(ALL) NOPASSWD: /usr/sbin/httpd graceful

Then I updated my PHP script accordingly:

echo `sudo /usr/sbin/httpd graceful`;
echo `sudo /etc/rc.d/init.d/named reload`;

This means that the user nobody can gracefully restart apache and reload BIND's database, which is somewhat insecure, but is acceptable.  Does anyone have a better solution?
0
 
LVL 48

Accepted Solution

by:
hernst42 earned 250 total points
ID: 17912792
Yup using sudo is the correct way to do such things
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 14

Assisted Solution

by:Aamir Saeed
Aamir Saeed earned 250 total points
ID: 17913801
You need root to do that. No two ways about it sorry.

Why would you want to restart Apache? Most httpds i know have an option that allows you to reload (meaning: keep running, but reload the configuration file).

I have even more troubble seeing why you would want to restart Bind. Checkout the remote name daemon control (rndc).
0
 
LVL 7

Author Comment

by:inxil
ID: 18197223
I feel like I answered the question myself...
0
 
LVL 7

Author Comment

by:inxil
ID: 18212516
I don't mind giving the points to hernst42 and i_m_aamir, but to those of you looking for a similar solution--the method I described works quite well.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Consider the following scenario: You are working on a website and make something great - something that lets the server work with information submitted by your users. This could be anything, from a simple guestbook to a e-Money solution. But what…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to count occurrences of each item in an array.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now