On Fri, 2007-10-05 at 11:13 -0400, Nuitari wrote:
> Yeah I'm well aware of the problem that poses, but I need to do some
> web based server management scripts and sudo just ain't cutting it.

I've done this a few different ways. In my new hosting site (in development) I'm using the ssh2 extension in PHP to log into the server as root, with username and password, to execute commands. This method carries with it all the usual problems of using passwords in source code files, though. I've tried to minimize the risk by wrapping the ssh code in a class with methods for performing each action - there's no generic exec() method. If I wanted to use it to run "rm -rf /" I'd have to write a method to do it. The root password is hardcoded in the ssh connect code, since even private variables show up in a print_r().

The method I use on my current site is also based on ssh, except I set up public key authentication so my scripts can log in as root without having to specify a password. This is probably more of a risk if anyone hacks the account. With a password in a source file, at least they'd have to find the file :)

At my last company, I built a monstrosity out of perl, an xmlrpc server running as root that used https as the transport and client certificate verification to authenticate incoming connections. I wrote a php class to connect to the xmlrpc server with the client cert and send it commands to be executed as root. It was kind of slow.

--
Sean Gabriel Heacock
Telana Internet Services
http://www.telana.com/
_______________________________________________
Peruser mailing list
[email protected]
http://www.telana.com/mailman/listinfo/peruser
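The design described in the message above (one method per privileged action, no generic exec()), shown as an added example that is not the author's code. The host, key paths, the two actions and the injectable transport are assumptions made for illustration; the point it adds is that each method must still validate its own arguments, or a parameter becomes the generic exec() the class was meant to avoid.

```php
<?php
// Added example, not the author's code. Host, key paths and both actions are hypothetical.
final class ServerAdmin
{
    /** @var callable(string): string runs one fixed command line as root */
    private $run;

    public function __construct(?callable $run = null)
    {
        // Default transport: ssh2 extension with public key auth (paths are assumptions).
        $this->run = $run ?? static function (string $cmd): string {
            $s = ssh2_connect('127.0.0.1', 22);
            if ($s === false || !ssh2_auth_pubkey_file($s, 'root',
                    '/etc/webadmin/id_rsa.pub', '/etc/webadmin/id_rsa')) {
                throw new RuntimeException('ssh login failed');
            }
            $out = ssh2_exec($s, $cmd);
            stream_set_blocking($out, true);
            return stream_get_contents($out);
        };
    }

    // One public method per action; nothing here accepts a command string.
    public function reloadApache(): string
    {
        return ($this->run)('/usr/sbin/apachectl graceful');
    }

    public function lockAccount(string $user): string
    {
        return ($this->run)('/usr/sbin/usermod -L -- ' . escapeshellarg(self::user($user)));
    }

    // Strict allowlist pattern: rejects shell metacharacters and a leading "-" (option injection).
    private static function user(string $u): string
    {
        if (!preg_match('/\A[a-z_][a-z0-9_-]{0,31}\z/', $u)) {
            throw new InvalidArgumentException('invalid account name');
        }
        return $u;
    }
}

// Constructed demo: a fake transport returns the command instead of opening an ssh session.
$admin = new ServerAdmin(static fn(string $cmd): string => "would run: $cmd");
echo $admin->lockAccount('alice'), PHP_EOL;
try {
    $admin->lockAccount('alice; id');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```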
