Results 1 to 7 of 7

Thread: PHP + Shell

  1. #1

    PHP + Shell

    Hello,

    I'm trying to integrate a small CP for a friend, so he may have basic control over one of my servers while I'm away, such as rebooting.

    So far what I've done is (presume username is the user I'm using):

    groupadd username

    Then, "nano /etc/sudoers" and added....

    # User privilege specification
    root ALL=(ALL) ALL
    --> user added here: username ALL=(ALL) ALL

    Then in my script, for example I wanted to add "reboot" as an option in the "username" home directory I wrote down:

    "<?php
    shell_exec('sudo reboot');
    ?>"

    Saved as "reboot.php" and CHmodded it to 777.

    Now the problem is, I can only get basic commands available to a user with no special privaledges, such as "uptime" but advanced commands, such as reboot do not work. Please could someone help me on this, I have no idea what I'm doing wrong.

    Thanks

  2. #2
    Join Date
    Jun 2003
    Posts
    961
    your using php/apache? if so sudo is prolly executed by apache/www-data/httpd/nobody or whatever apache is running as, you could get your script running with phpsuexec, so the script/sudo is run as user "username"

  3. #3
    Quote Originally Posted by sehe
    your using php/apache? if so sudo is prolly executed by apache/www-data/httpd/nobody or whatever apache is running as, you could get your script running with phpsuexec, so the script/sudo is run as user "username"
    Thanks for your prompt reply

    Yes, I'm using PHP and Apache. Would you suggest me trying "sudo -u nobody reboot" ? Or do I have to edit any additional config files, and the sudo configuration for this to work?

    Thankyou, your help is much appreciated.

  4. #4
    Join Date
    Apr 2003
    Location
    Melbourne, AU
    Posts
    539
    Firstly, reconsider your method, because it's dangerously insecure.

    To answer your question, you should be having a sudoers entry which contains nobody. Which is the user that Apache runs as, and thus is the user that runs sudo. You also need a NOPASSWD flag to allow sudo to be run without password prompting.

  5. #5
    Join Date
    Mar 2004
    Location
    Los Angeles
    Posts
    617
    Than anyone will be able to reboot the machine.

    Code a small daemon that runs as root and waiting for a signal from user nobody (password protected) to run advanced commands.

    That would be my advise.

  6. #6
    Quote Originally Posted by wKkaY
    Firstly, reconsider your method, because it's dangerously insecure.

    To answer your question, you should be having a sudoers entry which contains nobody. Which is the user that Apache runs as, and thus is the user that runs sudo. You also need a NOPASSWD flag to allow sudo to be run without password prompting.
    I had considered that option, however I had also considered storing the files that contained the passwords and config files in /home/ not accessable by the web, and the actual webfolder that does the lookups would be password protected. It's kinda only for personal use, so I figured it'd be ok. But I appreciate your suggestion, although do have one query. if I can execute a server reboot script as the user "nobody" doesn't that mean, that there is the potential for the scripts, or directories to be easily exploited and anyone with shared access to the server be able to reboot? I'm sorry for my ignorance, I'm extremely new to PHP.

    And "Aras-Ferra", your suggestion does sound very feasable. I may actually do this in another language than PHP. What I seem to want to accomplish seems to be a little too sketchy and insecure with PHP script.

  7. #7
    Join Date
    Mar 2004
    Location
    Los Angeles
    Posts
    617
    You can do that in PHP in a secure way, i mean the socket server or daemon.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •