Hello fellow phpers, I am in need of some guidance. I'm currently working on a project where we have an API that accepts public calls. Some of the API calls may result in changes being made to the server. These changes typically require a user with elevated privileges. We are running apache as the webserver and the user running apache doesn't really have access to the commands we want to run. We don't want to change the access the apache user has. Certain API calls specify what command (or script) to run.
Some of these commands will include, but are not limited to: * Executing pre-written shell scripts * Creating directories (mkdir) * Restarting services * Changing ownership or permissions on directories/files (chown/chmod) Using php's built in shell_exec or equivalent functions does not work do to the apache user not having access to run some of the commands. So it seems to me that I need to have a separate process with elevated access to the server running that php can send commands to. Some thoughts I've had is running something like Node.js on the server but limiting access to it to localhost. Then having PHP send some requests to it like "Run script x". Then node would perform the task on the server and report back to PHP. What is the best way to go about doing this? Have any of you done something similar and how did you accomplish that task? tl;dr I have some shell scripts that I'd like to have executed based on certain API calls processed by PHP. How do I get PHP to execute these scripts while keeping the apache user secure? Any third party solutions? Thanks, - David Skinner _______________________________________________ UPHPU mailing list [email protected] http://uphpu.org/mailman/listinfo/uphpu IRC: #uphpu on irc.freenode.net
