?
Solved

How do I run a PHP program to kill a process on Linux?  The PHP script needs superuser permission.

Posted on 2009-02-16
12
Medium Priority
?
748 Views
Last Modified: 2012-05-06
I have a web application that needs to run a PHP sytem command to kill a process.
To kill the process the PHP script needs Linux superuser access.
I do NOT want the user to have to enter the Linux superuser username and password.
0
Comment
Question by:pmsguy
  • 3
  • 3
  • 3
  • +2
12 Comments
 
LVL 40

Accepted Solution

by:
omarfarid earned 400 total points
ID: 23650228
you may use sudo to do this from some other user account:

http://www.gratisoft.us/sudo/man/sudoers.html
0
 
LVL 22

Expert Comment

by:Ivo Stoykov
ID: 23650241
this is very, very bad practice.
you may use system(cmd, ret_val)
i
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 23650633
does the  php scrpt needs the suppoer use access [ which is realy realy bad]

or
the user needs the supper user access ??  [ you can follow omarfarid suggestion]

0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 8

Assisted Solution

by:eager
eager earned 800 total points
ID: 23664683
As everybody said, giving a PHP script root access (whether by calling system() or using sudo) is very bad practice.

Is it only one application that you need to kill from the web, or an arbitrary process?
(If it is any process, you should use ssh to connect and kill the process.)

When do you need to kill this application?  (Is it running normally or is it hung?)

Are you able to make modifications to this application?  Can you write a script which invokes the application?  
0
 

Author Comment

by:pmsguy
ID: 23665306
I basically am running a php script to kill a process.  
The user needs to be logged in to the admin php backend to run this scripts.
What security issues do you see with this?
0
 
LVL 8

Assisted Solution

by:eager
eager earned 800 total points
ID: 23666293
It's not clear whether you want the user to be able to kill a specific process or any process.

Letting users kill any process can easily crash your system.  You are depending on the web server to protect your system from unauthorized access, which doesn't seem like a good idea.

There's the principle of least authority:  give each user only the authority that he (or she) needs to perform the functions that they need to do.  Letting a user do "kill -9 <random-number>" doesn't seem well advised.
0
 
LVL 22

Expert Comment

by:Ivo Stoykov
ID: 23667468
giving root access especially through web interface is one of the most dangerous actions you could take against your system.

> What security issues do you see with this?

There are so many that it is really a nonsense to discuss here. If you google a little bit I'm sure will find lots of places with large discussions on the topic.

Just the fact that nobody didn't answer with 'a great idea' must cause you to re-think about.

At least if remote user is allowed to kill one process it can kill any other process...

HTH

i
0
 
LVL 29

Expert Comment

by:fosiul01
ID: 23668016
@eager and @ivostoykov  is right

if you want a user to access your server via php script and to kill process then you need to give apache root access . as @ivostoykov which is most dangerous.  no body will tell you to do this

becase if you give apache root access then even if you put apache in sudo file [ if you can] and give it access to run kill command,

then any one would be able to kill any process to the server
0
 

Author Comment

by:pmsguy
ID: 23669390
The user will NOT have access to kill any random process.  The PHP script will call a bash script that will kill a particular process.  The PHP script is only accessible via a login and the PHP script will only execute if certain SESSION variables are set.  So what are your comments on any security risks with this scenario?
0
 
LVL 22

Assisted Solution

by:Ivo Stoykov
Ivo Stoykov earned 400 total points
ID: 23669633
as i said above the function about this is system or shell_exec
please check here and here
HTH
i
0
 
LVL 29

Assisted Solution

by:fosiul01
fosiul01 earned 400 total points
ID: 23669653
Ok the way you saying, it does not sound bad

like Vps server company they give java script base control pantel where you get a shell to run linux command

if you are tyring to something like that, then i would not say its security beach
0
 

Author Closing Comment

by:pmsguy
ID: 31547333
I appreciate everyones input.
0

Featured Post

NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
Google Drive is extremely cheap offsite storage, and it's even possible to get extra storage for free for two years.  You can use the free account 15GB, and if you have an Android device..when you install Google Drive for the first time it will give…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses
Course of the Month15 days, 2 hours left to enroll

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question