|
Temporarily running PHP as root
I want to run some PHP scripts to do some server setup and package install, but want to do it through a browser rather than through SSH.
Does anyone know how to temporarily run PHP as root? - I tried running apache as root while I run the scripts, but it won't let me. - I tried sudo from PHP, but it won't let me either. Other ideas? If I can't figure it out then I just have to SSH and do a php myscript.php --param1=foo -param2=bar, but I would prefer to do it thought a browser if possible. |
don't run php/apache as root :2 cents:
|
bad idea.
|
use ssh to run php from cmd line, dont run as root bad idea. like evryone else says
|
What does the script do? I'm positive there is an alternative to using root.
If you are really inclined to do so, just add the script path into your sudoers file and that will allow you to sudo when calling that script. Then you can create another PHP script to run via HTTP that uses something like exec('sudo php /script.php') |
dont run apache as root..
Code:
#!/usr/bin/php -q |
All the script does is create some folders, copy some files, install some new settings. I would just prefer to do it from a browser so I can see the results as I am setting them rather than command line.
Whatever I set up to run as root, I will undo once I install the new site. I will try the sudoers file thing and see what I come up with. |
Quote:
|
Quote:
|
Set apache to be in the right group as the files / folders
or at worst, mod the folders to chmod 777 Don't run php as root |
Maybe I should define the problem better:
Website A, has a settings file. I want to create a duplicate settings file, in another folder that User A can modify. That is all I need to do. This settings file will be used by the website to know what database, what template to use, stuff like that, basic DEFINE's for the website. The website I am using to set the settings file may or may not be the one that uses the settings file. - Apache is running as nobody. - I want to use an interface to set up this new site - Since Apache is nobody, I cannot create a new folder without logging into SSH as root manually and chmod'ing the base directory. - Even when I do that, the settings file is created as nobody, and User A cannot modify it once it is created, since it is not usera:usera, it is nobody:nobody - Therefore, I need to login to SSH, make the folder, touch the file, then chown the folder AND file...only then User A can modify the file. I need to do this for every settings file, and every new variation of the website I make. WTF?! I don't care if Apache runs as root. For the 23 minutes it takes to set up the sites, a hacker is most welcome to come and do his worst. He has a 23 minute window - enjoy. I have to login as root anyway - so either I sudo with the root password or I SSH with the root password - it's not like it's insecure either way I need to know the root pass to accomplish the task. |
Quote:
Code:
mkdir('path/to/dir'); |
Quote:
|
Quote:
|
This thread makes my head hurt.
|
You can have Apache upload and create files and directories as a certain user or group. So if you are SSH'ing in as a regular user, have Apache create the files or directories as that user. Or have Apache create those files or directories as a certain group. Then just make sure your SSH user is in that group.
|
Quote:
I ran apache as root before under the same logic. And I would do it again. But it's been so long since, I don't remember how the hell I did it. Good luck. |
I think that's sorta a bad idea, I would never run it as root
Spanx! Jack |
Quote:
..but I think I will have to.... |
I think your problem is that your FTP login and apache are not in the same wheel group... I have seen this problem with some hosts... ask your host to do that for you and it will fix your problem.
|
Quote:
|
Quote:
|
cPanel and Webmin and others run as root. So this can't be that tough, or that insecure.
Can I tie a specific port like to 123.45.67.89:5000 to my php script and have it run as root there? |
Quote:
|
Quote:
shell_exec('sudo -u root -S command_goes_here < /home/$User/dir/dir/dir/passfile'); There are a variety of methods... You either need to chown the directory structure that is being changed by the script or use a method to execute shell commands as another user... OR you could do something like.... build a mini secure webpage that is only accessible from SSL/443. All it would have is a single button. You click the button it executes your original script as root and returns the output to the mini script for display in the browser. |
Quote:
PHP, designed as a blog script but abused and treated as a programming language, is dangerous enough running as "nobody". Quote:
chmod 775 /home/*/domains/thescript/settings Or: Make a script or better yet a simple C program that does that exact job, taking as little input from the user as possible, and make it setuid (4755). setuid is very powerful, but that means it has to be done right to avoid great risk, so be careful. Some systems won't even let you setuid a shell script because it's so hard to make one secure, so the common practice is to do all setuid scripts in C using a prior setuid program as a temple. /usr/bin/passwd is common, and well written, setuid program. |
why do you want to haxzor a virtual host?
|
Quote:
|
| All times are GMT -7. The time now is 02:04 AM. |
Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123