i was thinking of embarking on the road of building my own control panel. I was gonna hvae a area where you can eboot the server and shut it down ect.

is this code thats about to follow right to reboot a server?
echo 'Server Rebooting.......';
shell_exec('reboot');
echo '<pre>$output</pre>';


it should say whilst the server is rebooting "Server Rebooting....."

Just be aware: Your PHP code would have to run as a privileged user in order to reboot. You'll need to be exceedingly careful if the PHP process is running as root or root equiv... any exploit of your code could well have root access. Consider that as you are designing your system.

Cheers

so is that code right? and im aware of the risk

so is that code right? and im aware of the risk

Assuming that /sbin/reboot or /sbin/shutdown (if you use that instead) is in the users path who runs that script, yeah it would work, but you would be better to tighten securtiy up on that and use the full path to that binary as well imho.

i think ill set up a testing server and try it out. thanks anyway.

The usual course of action for such a system where you must be able to kick off superuser jobs from a website (server admin stuff, backups, etc.) is to have a secondary cronjob or daemon that the website communicates with in a secure fashion (such as encrypted using a shared key).

That secondary process runs as root and can perform only a limited set of functions, while the PHP script runs as the Apache user as usual. This way you can further minimize your attack risk by not having PHP execute root code directly.

Just a note, when the server is rebooting, connection is lost.

Thus after:
shell_exec('reboot');

No code will be executed.

am I wrong?

Peace,

Just a note, when the server is rebooting, connection is lost.

Thus after:
shell_exec('reboot');

No code will be executed.

am I wrong?

Peace,
You are theoretically (sp?) right but the server doesn't immediately reboot. The output should show up before it gets booted.

yeh thats what i thought.

on debian sarge you use ./reboot

How would ./reboot work unless you were in /sbin? If you're in /home/xeen as your CWD, then ./reboot would try to execute /home/xeen/reboot

you could always shutdown -t 10, which will give you 10 seconds of gracetime before it starts - you could then actually check that the shutdown command is running, and cleanly logout..