[PHP] su idn't working from within php
hi all i was trying to execute some commands as an authorized user from within my php script with exec (su username -c \sudo command\ 21;, $output); but it gives me standard in must be a tty how can i make it work? it runs perfectly at command prompt I even tried to ssh, but the problem is where should i copy the rsa-key generated with keygen, as the scripts are run as apache/http user.. Plz help me out of this Thanx in advance Nitin
Re: [PHP] su idn't working from within php
Why do you need su? Set up sudo for apache user. Nitin Mehta wrote: hi all i was trying to execute some commands as an authorized user from within my php script with exec (su username -c \sudo command\ 21;, $output); but it gives me standard in must be a tty how can i make it work? it runs perfectly at command prompt I even tried to ssh, but the problem is where should i copy the rsa-key generated with keygen, as the scripts are run as apache/http user.. Plz help me out of this Thanx in advance Nitin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] su idn't working from within php
but how would i store keys for apache? - Original Message - From: Marek Kilimajer [EMAIL PROTECTED] To: Nitin Mehta [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, January 27, 2004 4:03 PM Subject: Re: [PHP] su idn't working from within php Why do you need su? Set up sudo for apache user. Nitin Mehta wrote: hi all i was trying to execute some commands as an authorized user from within my php script with exec (su username -c \sudo command\ 21;, $output); but it gives me standard in must be a tty how can i make it work? it runs perfectly at command prompt I even tried to ssh, but the problem is where should i copy the rsa-key generated with keygen, as the scripts are run as apache/http user.. Plz help me out of this Thanx in advance Nitin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] su idn't working from within php
You need to edit /etc/sudoers file and allow apache to execute command. And you also need to be carefull what you are doing or you will create a security hole. Nitin Mehta wrote: but how would i store keys for apache? - Original Message - From: Marek Kilimajer [EMAIL PROTECTED] To: Nitin Mehta [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, January 27, 2004 4:03 PM Subject: Re: [PHP] su idn't working from within php Why do you need su? Set up sudo for apache user. Nitin Mehta wrote: hi all i was trying to execute some commands as an authorized user from within my php script with exec (su username -c \sudo command\ 21;, $output); but it gives me standard in must be a tty how can i make it work? it runs perfectly at command prompt I even tried to ssh, but the problem is where should i copy the rsa-key generated with keygen, as the scripts are run as apache/http user.. Plz help me out of this Thanx in advance Nitin -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] su idn't working from within php
Marek Kilimajer wrote:
You need to edit /etc/sudoers file and allow apache to execute
command. And you also need to be carefull what you are doing or you
will create a security hole.
Nitin Mehta wrote:
but how would i store keys for apache?
- Original Message - From: Marek Kilimajer
[EMAIL PROTECTED]
To: Nitin Mehta [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Tuesday, January 27, 2004 4:03 PM
Subject: Re: [PHP] su idn't working from within php
Why do you need su? Set up sudo for apache user.
Nitin Mehta wrote:
hi all
i was trying to execute some commands as an authorized user from within
my php script with
exec (su username -c \sudo command\ 21;, $output);
but it gives me
standard in must be a tty
how can i make it work? it runs perfectly at command prompt
I even tried to ssh, but the problem is where should i copy the rsa-key
generated with keygen, as the scripts are run as apache/http
user..
Plz help me out of this
Thanx in advance
Nitin
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Can I recommend you don't try to add the apache webserver user to your
sudoers file? Big no-no. If anyone tries to issue a 'su' command on
your server from a web based form for example you could compromise your
machine. I have a more elegant solution... create a shell script
'command.sh' and then setup a cron job to execute the script every so
often. Let me show you an example...
[shell.sh]
#!/bin/sh
if test -f /path/to/file
then
echo file found, proceeding to execute command as root
code to be run as root
echo removing temporary file used to signal process
rm -dfr /path/to/file
else
echo file was not found, exiting shell gracefully
exit 0
fi
[end shell.sh]
[script.php]
if(!emtpy($yourvariable)) {
echo variable found, creating temporary file to flag shell script to
execute;
system(touch /path/to/file);
} else {
echo variable not present, exiting; }
[end script.php]
[crontab file]
*/5 * * * * /path/to/shell.sh /tmp/php_log 21
[end crontab file]
*** make sure you are root when adding this command to your cron jobs
This way your cronjob runs every five minutes and executes your shell
script. Your shell script checks to see if a temporary file is present
and if it is executes the command on the server as the root user. No
privledge escalation holes.
Hope this helps, let me know if it doesn't or if you don't have
dedicated hosting.
Jas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
