Marek Kilimajer wrote:
You need to edit the /etc/sudoers file and allow apache to execute <command>. And you also need to be careful what you are doing or you will create a security hole.

Nitin Mehta wrote:

But how would I store keys for apache?

----- Original Message ----- From: "Marek Kilimajer" <[EMAIL PROTECTED]>
To: "Nitin Mehta" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Tuesday, January 27, 2004 4:03 PM
Subject: Re: [PHP] su idn't working from within php




Why do you need su? Set up sudo for apache user.

Nitin Mehta wrote:

hi all

I was trying to execute some commands as an authorized user from within my PHP script with

exec ("su <username> -c \"sudo <command>\" 2>&1;", $output);

but it gives me

standard in must be a tty

How can I make it work? It runs perfectly at the command prompt.

I even tried to ssh, but the problem is where should I copy the rsa-key generated with keygen, as the scripts are run as apache/http user..........

Plz help me out of this

Thanx in advance
Nitin


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Can I recommend you don't try to add the apache webserver user to your sudoers file? Big no-no. If anyone tries to issue a 'su' command on your server from a web-based form, for example, you could compromise your machine. I have a more elegant solution... create a shell script 'command.sh' and then set up a cron job to execute the script every so often. Let me show you an example...

[shell.sh]
#!/bin/sh
if test -f /path/to/file
then
  echo "file found, proceeding to execute command as root"
  <code to be run as root>
  echo "removing temporary file used to signal process"
  rm -dfr /path/to/file
else
  echo "file was not found, exiting shell gracefully"
  exit 0
fi
[end shell.sh]

[script.php]
<?php
// Create the flag file that the root cron job checks for.
if (!empty($yourvariable)) {
    echo "variable found, creating temporary file to flag shell script to execute";
    system("touch /path/to/file");
} else {
    echo "variable not present, exiting";
}
[end script.php]


[crontab <file>]
*/5 * * * * /path/to/shell.sh >>/tmp/php_log 2>&1
[end crontab <file>]
*** make sure you are root when adding this command to your cron jobs

This way your cronjob runs every five minutes and executes your shell script. Your shell script checks to see if a temporary file is present and, if it is, executes the command on the server as the root user. No privilege escalation holes.

Hope this helps, let me know if it doesn't or if you don't have dedicated hosting.
Jas
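
A root-side handler for the flag-file pattern in the message above, written as an added example that is not part of the original thread: it accepts the flag only if it is a regular file owned by the web server account in a directory nobody else can write to, then runs one fixed command. The flag path, the default `apache` account name and `run_privileged_task` are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): root-side handler for a flag-file request.
# FLAG, WEB_USER and run_privileged_task are assumed names for illustration.
FLAG="${FLAG:-/var/spool/webflag/request}"  # assumed path of the flag file
WEB_USER="${WEB_USER:-apache}"              # assumed account the PHP script runs as

run_privileged_task() {
    # Placeholder for the single fixed command. It takes no arguments and
    # reads nothing from the flag file, so the web user controls only "when".
    :
}

# Succeeds only for a regular file (not a symlink) owned by the expected user
# in a directory that neither group nor others can write to.
flag_is_trustworthy() {
    flag=$1; owner=$2
    [ ! -L "$flag" ] && [ -f "$flag" ] || return 1
    [ -n "$(find "$flag" -prune -user "$owner" 2>/dev/null)" ] || return 1
    dir=$(dirname "$flag")
    [ -z "$(find "$dir" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ] || return 1
}

# Returns 0 when there was no request or the task ran, 2 when a flag was refused.
process_flag() {
    flag=$1; owner=$2
    [ -e "$flag" ] || [ -L "$flag" ] || return 0   # no request pending
    if ! flag_is_trustworthy "$flag" "$owner"; then
        echo "refusing untrusted flag: $flag" >&2
        return 2
    fi
    rm -f "$flag"        # non-recursive; clear the request before acting on it
    run_privileged_task
}

# Entry point for the root cron job.
process_flag "$FLAG" "$WEB_USER"
```
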

