[PHP] web based admin - was: Re: [PHP] Restart Apache with PHP???
You are right anil, I think we should collectively discourage people from attempting this sort of this. I am no fan of webmin, cpanel or any of the other vhost/admin stuff but at least they are likely to be more secure than what can be scratched together in a hurry. Anil Kumar K. wrote: Writing something like this as part of a Web application is definitely a bad idea. The requirement is more like that of a remote administration system and Webmin (http://www.webmin.com/) cleanly and safely fits the bill. Webmin can actually do more than just restarting Apache. But it can be configured to do only that. best regards. Anil On Wed, 3 Sep 2003, Jason Sheets wrote: More safely maybe, but even that solution could be exploited somewhat easily. The script that writes the file would be better off as a CGI than executed through the Apache module, this would allow you to restrict write access to the directory where the file that triggers the restart is stored to the owner of the script, you could then further restrict access to this script through .htccess or other means. If you make a file trigger a cronned job to restart the server if you are using mod_php the directory must be writable to the user the web server runs as which means that anyone who can execute php code through the webserver can trigger a server restart by writing the file, you could even cron it to write the file every minute effectively shutting the server down (whether it be web or the actual system itself). Doing something like this takes a lot of thought, it can be made difficult to exploit but you need to do more than just make a cron pickup a file, excellent starting place though. Jason -- http://www.raditha.com/php/progress.php A progress bar for PHP file uploads. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Restart Apache with PHP???
Writing something like this as part of a Web application is definitely a bad idea. The requirement is more like that of a remote administration system and Webmin (http://www.webmin.com/) cleanly and safely fits the bill. Webmin can actually do more than just restarting Apache. But it can be configured to do only that. best regards. Anil On Wed, 3 Sep 2003, Jason Sheets wrote: More safely maybe, but even that solution could be exploited somewhat easily. The script that writes the file would be better off as a CGI than executed through the Apache module, this would allow you to restrict write access to the directory where the file that triggers the restart is stored to the owner of the script, you could then further restrict access to this script through .htccess or other means. If you make a file trigger a cronned job to restart the server if you are using mod_php the directory must be writable to the user the web server runs as which means that anyone who can execute php code through the webserver can trigger a server restart by writing the file, you could even cron it to write the file every minute effectively shutting the server down (whether it be web or the actual system itself). Doing something like this takes a lot of thought, it can be made difficult to exploit but you need to do more than just make a cron pickup a file, excellent starting place though. Jason Dan Anderson wrote: Search the archives. Somebody wanted to restart their server using a web page, and a clever solution was pointed out. By creating a script that monitored for a particular file in temp and restarted the server if it existed it, and cronning it for every minute, they could do it safely and securely. -Dan On Tue, 2003-09-02 at 12:19, Joe Harman wrote: Hey guys gals... Is there a way to restart Apache with a PHP command? Joe Harman -- Linuxense Information Systems Pvt. Ltd., Trivandrum, India http://www.linuxense.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Restart Apache with PHP???
More safely maybe, but even that solution could be exploited somewhat easily. The script that writes the file would be better off as a CGI than executed through the Apache module, this would allow you to restrict write access to the directory where the file that triggers the restart is stored to the owner of the script, you could then further restrict access to this script through .htccess or other means. If you make a file trigger a cronned job to restart the server if you are using mod_php the directory must be writable to the user the web server runs as which means that anyone who can execute php code through the webserver can trigger a server restart by writing the file, you could even cron it to write the file every minute effectively shutting the server down (whether it be web or the actual system itself). Doing something like this takes a lot of thought, it can be made difficult to exploit but you need to do more than just make a cron pickup a file, excellent starting place though. Jason Dan Anderson wrote: Search the archives. Somebody wanted to restart their server using a web page, and a clever solution was pointed out. By creating a script that monitored for a particular file in temp and restarted the server if it existed it, and cronning it for every minute, they could do it safely and securely. -Dan On Tue, 2003-09-02 at 12:19, Joe Harman wrote: Hey guys gals... Is there a way to restart Apache with a PHP command? Joe Harman -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Restart Apache with PHP???
hi, There isn't a specific PHP api for this. But you can execute shell commands through various mechanisms included exec, backticks etc etc. All of this is deadly dangerous of course because you need root privileges. Joe Harman wrote: Hey guys gals... Is there a way to restart Apache with a PHP command? Joe Harman -- http://www.raditha.com/php/progress.php A progress bar for PHP file uploads. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Restart Apache with PHP???
Search the archives. Somebody wanted to restart their server using a web page, and a clever solution was pointed out. By creating a script that monitored for a particular file in temp and restarted the server if it existed it, and cronning it for every minute, they could do it safely and securely. -Dan On Tue, 2003-09-02 at 12:19, Joe Harman wrote: Hey guys gals... Is there a way to restart Apache with a PHP command? Joe Harman -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php