# [EMAIL PROTECTED] / 2002-10-14 16:12:36 +0100: > On Mon, Oct 14, 2002 at 04:54:03PM +0200, Jens Rehsack wrote: > > Patrick Holahan wrote: > > > > I need to run a root command (ipfw) from apache through php. (Yes, this is > > > not very secure and I'm aware of this and if anyone has any better > > > suggestions, please feel free to make them.) > > > is that the function you search: > > string exec ( string command [, array output [, int return_var]]) > > That will run as the UID of the webserver, usually www, which won't be > very useful for doing stuff with ipfw. > > I'd grab sudo(8) or one of the alternatives from ports and very > carefully craft a /usr/local/etc/sudoers file that lets the www UID > run a specific ipfw command line without giving a password. Be very > careful not to let the www UID make arbitrary changes to your firewall > or you will discover the true meaning of pain in very short order. > Remember to add www to the wheel group if you go this way.
this is IMO a better solution: #!/bin/sh [ -f /some/file ] && \ /your/command && \ /bin/rm -f /some/file /etc/crontab: * * * * * root /your/script in the php script: touch('/some/file'); > Oh, and good luck maintaining the integrity of your machine if you do > implement this. You're going to need it... not necessarily. implementation dependent. :) -- If you cc me or take the list(s) out completely I'll most likely ignore your message. To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-questions" in the body of the message