[PHP] su idn't working from within php
hi all i was trying to execute some commands as an authorized user from within my php script with exec (su username -c \sudo command\ 21;, $output); but it gives me standard in must be a tty how can i make it work? it runs perfectly at command prompt I even tried to ssh, but the problem is where should i copy the rsa-key generated with keygen, as the scripts are run as apache/http user.. Plz help me out of this Thanx in advance Nitin
Re: [PHP] su idn't working from within php
Why do you need su? Set up sudo for apache user. Nitin Mehta wrote: hi all i was trying to execute some commands as an authorized user from within my php script with exec (su username -c \sudo command\ 21;, $output); but it gives me standard in must be a tty how can i make it work? it runs perfectly at command prompt I even tried to ssh, but the problem is where should i copy the rsa-key generated with keygen, as the scripts are run as apache/http user.. Plz help me out of this Thanx in advance Nitin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] su idn't working from within php
but how would i store keys for apache? - Original Message - From: Marek Kilimajer [EMAIL PROTECTED] To: Nitin Mehta [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, January 27, 2004 4:03 PM Subject: Re: [PHP] su idn't working from within php Why do you need su? Set up sudo for apache user. Nitin Mehta wrote: hi all i was trying to execute some commands as an authorized user from within my php script with exec (su username -c \sudo command\ 21;, $output); but it gives me standard in must be a tty how can i make it work? it runs perfectly at command prompt I even tried to ssh, but the problem is where should i copy the rsa-key generated with keygen, as the scripts are run as apache/http user.. Plz help me out of this Thanx in advance Nitin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] su idn't working from within php
You need to edit /etc/sudoers file and allow apache to execute command. And you also need to be carefull what you are doing or you will create a security hole. Nitin Mehta wrote: but how would i store keys for apache? - Original Message - From: Marek Kilimajer [EMAIL PROTECTED] To: Nitin Mehta [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, January 27, 2004 4:03 PM Subject: Re: [PHP] su idn't working from within php Why do you need su? Set up sudo for apache user. Nitin Mehta wrote: hi all i was trying to execute some commands as an authorized user from within my php script with exec (su username -c \sudo command\ 21;, $output); but it gives me standard in must be a tty how can i make it work? it runs perfectly at command prompt I even tried to ssh, but the problem is where should i copy the rsa-key generated with keygen, as the scripts are run as apache/http user.. Plz help me out of this Thanx in advance Nitin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] su idn't working from within php
Marek Kilimajer wrote: You need to edit /etc/sudoers file and allow apache to execute command. And you also need to be carefull what you are doing or you will create a security hole. Nitin Mehta wrote: but how would i store keys for apache? - Original Message - From: Marek Kilimajer [EMAIL PROTECTED] To: Nitin Mehta [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, January 27, 2004 4:03 PM Subject: Re: [PHP] su idn't working from within php Why do you need su? Set up sudo for apache user. Nitin Mehta wrote: hi all i was trying to execute some commands as an authorized user from within my php script with exec (su username -c \sudo command\ 21;, $output); but it gives me standard in must be a tty how can i make it work? it runs perfectly at command prompt I even tried to ssh, but the problem is where should i copy the rsa-key generated with keygen, as the scripts are run as apache/http user.. Plz help me out of this Thanx in advance Nitin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php Can I recommend you don't try to add the apache webserver user to your sudoers file? Big no-no. If anyone tries to issue a 'su' command on your server from a web based form for example you could compromise your machine. I have a more elegant solution... create a shell script 'command.sh' and then setup a cron job to execute the script every so often. Let me show you an example... [shell.sh] #!/bin/sh if test -f /path/to/file then echo file found, proceeding to execute command as root code to be run as root echo removing temporary file used to signal process rm -dfr /path/to/file else echo file was not found, exiting shell gracefully exit 0 fi [end shell.sh] [script.php] if(!emtpy($yourvariable)) { echo variable found, creating temporary file to flag shell script to execute; system(touch /path/to/file); } else { echo variable not present, exiting; } [end script.php] [crontab file] */5 * * * * /path/to/shell.sh /tmp/php_log 21 [end crontab file] *** make sure you are root when adding this command to your cron jobs This way your cronjob runs every five minutes and executes your shell script. Your shell script checks to see if a temporary file is present and if it is executes the command on the server as the root user. No privledge escalation holes. Hope this helps, let me know if it doesn't or if you don't have dedicated hosting. Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php