# [EMAIL PROTECTED] / 2002-10-14 16:12:36 +0100:
> On Mon, Oct 14, 2002 at 04:54:03PM +0200, Jens Rehsack wrote:
> > Patrick Holahan wrote:
> 
> > > I need to run a root command (ipfw) from apache through php. (Yes, this is
> > > not very secure and I'm aware of this and if anyone has any better
> > > suggestions, please feel free to make them.)
> 
> > Is that the function you are searching for:
> >   string exec ( string command [, array output [, int return_var]])
> 
> That will run as the UID of the webserver, usually www, which won't be
> very useful for doing stuff with ipfw.
> 
> I'd grab sudo(8) or one of the alternatives from ports and very
> carefully craft a /usr/local/etc/sudoers file that lets the www UID
> run a specific ipfw command line without giving a password.  Be very
> careful not to let the www UID make arbitrary changes to your firewall
> or you will discover the true meaning of pain in very short order.
> Remember to add www to the wheel group if you go this way.

    this is IMO a better solution:

    #!/bin/sh
    [ -f /some/file ] && \
    /your/command && \
    /bin/rm -f /some/file

    /etc/crontab:

    *   *   *   *   *   root    /your/script

    in the php script:

    touch('/some/file');

> Oh, and good luck maintaining the integrity of your machine if you do
> implement this.  You're going to need it...

    not necessarily. implementation dependent. :)

-- 
If you cc me or take the list(s) out completely I'll most likely
ignore your message.
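
An added example, not part of the original message: a hardened form of the cron-driven flag-file script from the reply above, which accepts the flag only if it is a regular file (not a symlink) owned by the web server UID and reads nothing from it. The function names, the return codes and the argument layout are assumptions made for this sketch; /some/file, www and /your/command are the placeholders used in the thread.

```shell
#!/bin/sh
# Added example: hardened variant of the cron-driven flag-file script.
# Flag path, owner and command are placeholders (assumptions).

# flag_is_valid FLAG OWNER
# True only if FLAG is a regular file (not a symlink, directory or FIFO)
# owned by OWNER. find(1) does not follow symlinks by default.
flag_is_valid() {
    [ -n "$(find "$1" -prune -type f -user "$2" 2>/dev/null)" ]
}

# run_if_flagged FLAG OWNER COMMAND [ARGS...]
# Returns 0 if the command ran and succeeded, 1 if there was no valid
# request, 2 if the command failed (the flag is kept, so cron retries).
run_if_flagged() {
    flag=$1 owner=$2
    shift 2
    flag_is_valid "$flag" "$owner" || return 1
    # The command line is fixed by root in the crontab entry; nothing is
    # read from the flag file, so the web UID cannot influence arguments.
    "$@" || return 2
    rm -f -- "$flag"
}

# Root crontab entry would call:
#   /your/script /some/file www /your/command
if [ "$#" -ge 3 ]; then
    run_if_flagged "$@"
fi
```

The web UID can only request that the fixed command run; it cannot choose the command, its arguments, or a path for root to act on.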
