[PHP] SetUID Scripts with PHP.
I need to make some PHP Executables which needs root permissions to run. I currently use SetUID Perl scripts for the purpose and they works fine. But now i feel PHP would be better language for the purpose so i want to switch it to PHP. Can any one tell me how can i make setUID PHP scripts ? Thanks and Regards, Nikunj Virani
[PHP] setuid, locked data, security
Hi, I have an account at a sun server. Until now I've used perl to write CGI scripts. Is there a possibility to prevent files and directories from being read by other users (NFS). Since I'm not root I do not have the possibility to use POSIX functions to set the UID of the current process to my own. This would make it possible to set files as -rw--- so that no one can read it, just the script itself (which is set to -rwsr-xr-x). Setting the setuid flag of a PHP script doesn't make sense, I guess. Is there any alternative?? Any help would be appreciated! Best Regards, :-)hris -- Christian Kaiser -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] setuid cgi calling a php script.
Hello,
I am running the module version of php(4.0.5) AND have a cgi
version compiled. The cgi version is php 4.1.1(compiled with
--enable-discard-path) and this is on a sunOS 5.8 box. I am trying to run
a setuid wrapper that calls a .php4 script. Whenever I enter
the url to the .cgi wrapper it appears to echo the binary as opposed to
executing it? If I execute the cgi from the command line it
works fine. Also if I change the file that the cgi wrapper is pointing to
to a .sh file it runs fine via command line or a url
through apache. If I enter the url directly to the .php4 in the url it
works and is parsed by the cgi version of php. Because of
these symptoms I beleive it has something to do with my apache
configuration? However below I am pasteing the cgi wrapper code,
the apache configuration, and the unf.php4 file that the wrapper points
to. I hope that someone will be kind enough to
help me out.
//cgi wrapper after gcc i would then chmod 4755.
#include stdio.h
#include unistd.h
#include stdlib.h
int main(void){
setuid(1001);
setgid(10);
system(/path/to/cgi-bin/unf.php4);
}
//I have tried many different types of configurations with the following
apache directives.
//my current settings that should be relevant are below.
AddHandler cgi-script .cgi .pl
Action application/x-httpd-php /usr/local/bin/php
AddType application/x-httpd-php .php .php4
//then where the virtual host is defined I have this.
//i have replaced the directory path and real domain name with
/path/to/mydomain
VirtualHost www.mydomain.com
Directory /path/to/mydomain/public_html/cgi-bin
AllowOverride None
Options ExecCGI
Order allow,deny
Allow from all
/Directory
ScriptAlias /cgi-bin/ /path/to/mydomain/public_html/cgi-bin/
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /path/to/mydomain/public_html
ServerName www.mydomain.com
ErrorLog /path/to/mydomain/public_html/logs/error_log
CustomLog /path/to/mydomain/public_html/logs/access_log common
/VirtualHost
//finally I will post the code to the unf.php4 file that is being called
by the wrapper
//removing the -q has no effect
#!/usr/local/bin/php -q
?
echo got here;
system('id');
?
I apologize if I left out any important details.
Josh
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] setuid
i'm pretty sure apache tries its best to keep things like this (doing anything as root) from happening. you might look at apaches documentation for suexec. on 7/2/01 3:31 AM, Yamin Prabudy at [EMAIL PROTECTED] wrote: sorry i might miss the discussion bout setuid can anyone give me an help on how to run suid root while i have script that run by apache i had alread set the file like this -rwsr-xr-x 1 root www 384 Jul 2 16:36 test but no luck Thanks in Advance -- mike cullerton [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] setuid
Hi... Is there a way to use posix_setuid without set Apache to run as root? Or, is there some other function to do the same thing? []s .~. Ulysses Almeida / V \ [EMAIL PROTECTED] / ( ) \ Seja livre, use GNU/Linux! ^^-^^ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
