Re: [PHP] Getting root privs
On 04/30/2010 09:53 AM, Nilesh Govindarajan wrote: That was what my basic idea about implementing it, but just put up a discussion here to see if there is really any other method except sudo- and there is that cron one as suggested by Jim Lucas. Use the sudoers file to allow your apache user to run specific commands with optional wildcard parameters: http://linuxmanpages.com/man5/sudoers.5.php -- Thanks! -Shawn http://www.spidean.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Getting root privs
On 04/30/2010 11:26 AM, Jim Lucas wrote: Nilesh Govindarajan wrote: Hi, As you know there are lot of control panels lying around like Cpanel, Lxadmin, most of them based on PHP. The control panels allow editing of system files which requires root privileges, can somebody tell me how to gain root privileges inside the script so that it can be useful if I want to give my users a DNS editing interface instead of loading a big bloated control panel. We use an interface that writes everything to a DB. Then, every 5 minutes, a cron job comes around and dumps the db and builds the zone files for us. Might try something similar. It would be a lot safer then giving root access via PHP... :) Hmm that's a great idea. But my question is in general, suppose I get some freelance job to write a control panel for managing httpd, etc. Same procedure can be used ? I think so ? -- Nilesh Govindarajan Site Server Administrator www.itech7.com मेरा भारत महान ! मम भारत: महत्तम भवतु ! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Getting root privs
On Fri, Apr 30, 2010 at 12:11:17PM +0530, Nilesh Govindarajan wrote: On 04/30/2010 11:26 AM, Jim Lucas wrote: Nilesh Govindarajan wrote: Hi, As you know there are lot of control panels lying around like Cpanel, Lxadmin, most of them based on PHP. The control panels allow editing of system files which requires root privileges, can somebody tell me how to gain root privileges inside the script so that it can be useful if I want to give my users a DNS editing interface instead of loading a big bloated control panel. We use an interface that writes everything to a DB. Then, every 5 minutes, a cron job comes around and dumps the db and builds the zone files for us. Might try something similar. It would be a lot safer then giving root access via PHP... :) Hmm that's a great idea. But my question is in general, suppose I get some freelance job to write a control panel for managing httpd, etc. Same procedure can be used ? I think so ? If you can find an open source control panel (like webmin), you could download the code and examine it. Paul -- Paul M. Foster -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Getting root privs
On Fri, 2010-04-30 at 10:40 -0400, Paul M Foster wrote: On Fri, Apr 30, 2010 at 12:11:17PM +0530, Nilesh Govindarajan wrote: On 04/30/2010 11:26 AM, Jim Lucas wrote: Nilesh Govindarajan wrote: Hi, As you know there are lot of control panels lying around like Cpanel, Lxadmin, most of them based on PHP. The control panels allow editing of system files which requires root privileges, can somebody tell me how to gain root privileges inside the script so that it can be useful if I want to give my users a DNS editing interface instead of loading a big bloated control panel. We use an interface that writes everything to a DB. Then, every 5 minutes, a cron job comes around and dumps the db and builds the zone files for us. Might try something similar. It would be a lot safer then giving root access via PHP... :) Hmm that's a great idea. But my question is in general, suppose I get some freelance job to write a control panel for managing httpd, etc. Same procedure can be used ? I think so ? If you can find an open source control panel (like webmin), you could download the code and examine it. Paul -- Paul M. Foster You could use exce() to run a sudo command (piping the password through to it or add the apache user into the sudoers list) to run things at the root level. You must be very very careful with this though, and only use it as a last resort if you absolutely have to, as any sort of vulnerability in your script could compromise your entire server. Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Getting root privs
On 04/30/2010 08:10 PM, Paul M Foster wrote: On Fri, Apr 30, 2010 at 12:11:17PM +0530, Nilesh Govindarajan wrote: On 04/30/2010 11:26 AM, Jim Lucas wrote: Nilesh Govindarajan wrote: Hi, As you know there are lot of control panels lying around like Cpanel, Lxadmin, most of them based on PHP. The control panels allow editing of system files which requires root privileges, can somebody tell me how to gain root privileges inside the script so that it can be useful if I want to give my users a DNS editing interface instead of loading a big bloated control panel. We use an interface that writes everything to a DB. Then, every 5 minutes, a cron job comes around and dumps the db and builds the zone files for us. Might try something similar. It would be a lot safer then giving root access via PHP... :) Hmm that's a great idea. But my question is in general, suppose I get some freelance job to write a control panel for managing httpd, etc. Same procedure can be used ? I think so ? If you can find an open source control panel (like webmin), you could download the code and examine it. Paul Webmin is written in perl. I will see the code of web-cp which is php based. -- Nilesh Govindarajan Site Server Administrator www.itech7.com मेरा भारत महान ! मम भारत: महत्तम भवतु ! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Getting root privs
On 04/30/2010 08:12 PM, Ashley Sheridan wrote: On Fri, 2010-04-30 at 10:40 -0400, Paul M Foster wrote: On Fri, Apr 30, 2010 at 12:11:17PM +0530, Nilesh Govindarajan wrote: On 04/30/2010 11:26 AM, Jim Lucas wrote: Nilesh Govindarajan wrote: Hi, As you know there are lot of control panels lying around like Cpanel, Lxadmin, most of them based on PHP. The control panels allow editing of system files which requires root privileges, can somebody tell me how to gain root privileges inside the script so that it can be useful if I want to give my users a DNS editing interface instead of loading a big bloated control panel. We use an interface that writes everything to a DB. Then, every 5 minutes, a cron job comes around and dumps the db and builds the zone files for us. Might try something similar. It would be a lot safer then giving root access via PHP... :) Hmm that's a great idea. But my question is in general, suppose I get some freelance job to write a control panel for managing httpd, etc. Same procedure can be used ? I think so ? If you can find an open source control panel (like webmin), you could download the code and examine it. Paul -- Paul M. Foster You could use exce() to run a sudo command (piping the password through to it or add the apache user into the sudoers list) to run things at the root level. You must be very very careful with this though, and only use it as a last resort if you absolutely have to, as any sort of vulnerability in your script could compromise your entire server. Thanks, Ash http://www.ashleysheridan.co.uk That was what my basic idea about implementing it, but just put up a discussion here to see if there is really any other method except sudo- and there is that cron one as suggested by Jim Lucas. -- Nilesh Govindarajan Site Server Administrator www.itech7.com मेरा भारत महान ! मम भारत: महत्तम भवतु ! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Getting root privs
On Fri, 2010-04-30 at 20:23 +0530, Nilesh Govindarajan wrote: On 04/30/2010 08:12 PM, Ashley Sheridan wrote: On Fri, 2010-04-30 at 10:40 -0400, Paul M Foster wrote: On Fri, Apr 30, 2010 at 12:11:17PM +0530, Nilesh Govindarajan wrote: On 04/30/2010 11:26 AM, Jim Lucas wrote: Nilesh Govindarajan wrote: Hi, As you know there are lot of control panels lying around like Cpanel, Lxadmin, most of them based on PHP. The control panels allow editing of system files which requires root privileges, can somebody tell me how to gain root privileges inside the script so that it can be useful if I want to give my users a DNS editing interface instead of loading a big bloated control panel. We use an interface that writes everything to a DB. Then, every 5 minutes, a cron job comes around and dumps the db and builds the zone files for us. Might try something similar. It would be a lot safer then giving root access via PHP... :) Hmm that's a great idea. But my question is in general, suppose I get some freelance job to write a control panel for managing httpd, etc. Same procedure can be used ? I think so ? If you can find an open source control panel (like webmin), you could download the code and examine it. Paul -- Paul M. Foster You could use exce() to run a sudo command (piping the password through to it or add the apache user into the sudoers list) to run things at the root level. You must be very very careful with this though, and only use it as a last resort if you absolutely have to, as any sort of vulnerability in your script could compromise your entire server. Thanks, Ash http://www.ashleysheridan.co.uk That was what my basic idea about implementing it, but just put up a discussion here to see if there is really any other method except sudo- and there is that cron one as suggested by Jim Lucas. -- Nilesh Govindarajan Site Server Administrator www.itech7.com मेरा भारत महान ! मम भारत: महत्तम भवतु ! To make things a little bit more secure when using exec() you could call a series of custom Bash scripts which you can have set up to only accept certain ranges of parameters, which would avoid someone passing a string like nasty_command here to the command line. Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Getting root privs
Nilesh Govindarajan wrote: Hi, As you know there are lot of control panels lying around like Cpanel, Lxadmin, most of them based on PHP. The control panels allow editing of system files which requires root privileges, can somebody tell me how to gain root privileges inside the script so that it can be useful if I want to give my users a DNS editing interface instead of loading a big bloated control panel. We use an interface that writes everything to a DB. Then, every 5 minutes, a cron job comes around and dumps the db and builds the zone files for us. Might try something similar. It would be a lot safer then giving root access via PHP... :) -- Jim Lucas Some men are born to greatness, some achieve greatness, and some have greatness thrust upon them. Twelfth Night, Act II, Scene V by William Shakespeare -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php