Page 1 of 1

Making httpd su to another user

Posted: Mon Dec 04, 2006 12:57 pm
by memotype
Is there any way to cause PHP or the httpd to su to another user from PHP? I.e. Prompt the browser for username/password, and use that to su, so that the PHP/httpd instance has the rights to modify that user's files, etc?

Thanks

Posted: Mon Dec 04, 2006 3:05 pm
by ok
Try this (from the Ubuntu forums): http://www.ubuntuforums.org/showthread.php?t=24008

Posted: Tue Dec 05, 2006 6:56 am
by memotype
ok wrote:Try this (from the Ubuntu forums): http://www.ubuntuforums.org/showthread.php?t=24008
I don't see how this answers my question... I'm asking how to change users from PHP, it seems like this is a desktop icon or something.

Posted: Tue Dec 05, 2006 7:51 am
by Chris Corbyn
You can't. You can have PHP run under different userids for different virtual hosts when it executes CGI scripts but you can't switch at runtime.

To use a different userid for a virtual host you need the apache suexec module and you need to run PHP as CGI for that virtual host.

Posted: Tue Dec 05, 2006 8:13 am
by memotype
d11wtq wrote:You can't. You can have PHP run under different userids for different virtual hosts when it executes CGI scripts but you can't switch at runtime.

To use a different userid for a virtual host you need the apache suexec module and you need to run PHP as CGI for that virtual host.
Hmm... would it be possible to run, i.e., "su -c /bin/sh" as a subprocess and feed commands into that from PHP? Or maybe have apache ask for username/password from the browser, and then suexec the PHP file?

Posted: Tue Dec 05, 2006 11:25 am
by ok
Try your luck on the Linux forum.