Calling shell scripts from PHP as other users

Whether you are using Linux on the desktop or as a server, it's still good that you're using Linux. Linux related questions go here.

Moderator: General Moderators

Post Reply
Thin
Forum Newbie
Posts: 1
Joined: Thu Dec 01, 2005 7:58 am

Calling shell scripts from PHP as other users

Post by Thin »

Hi all

Quick question regarding permissions under Linux. I want to call a shell script from a php page that will start an application on the machine.

To test this out, I've had a go executing 'uptime' from a php page and the results are returned to the browser, minus the number of users logged in.

I've had a read around and am still a little confused as to how this works with Linux file permissions. Presumeably if the Apache user has execute access to the script, it will run, but if the script itself fires off other applications do these also need to be executable by the Apache user?

Really after a little thought what I want to be able to do is to call a script to be executed as another user (NOT root but not www/apache either) from a php page. I think this is acceptable as the script in question takes no user input, it merely executes.

Can anyone walk me through the best way to do this ? I've had a read around and initally thought suExec might be what I was looking for, but the tutorial didn't really help with this particular problem.

TIA
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

In a regular script you can su - / sudo to become a different user (and gain his privileges). Another possibility is to allow the script to run as the owner of that script (chmod +g). But i don't know how well apache likes these..

You can also use the su_exec apache module that does this.

But i've got a feeling that it's clearer if you simply give privileges to all users that need privileges (in your case this is the user that runs apache)
User avatar
dude81
Forum Regular
Posts: 509
Joined: Mon Aug 29, 2005 6:26 am
Location: Pearls City

Post by dude81 »

One Possiblity will be executing system command
which executes any command on linux server

Code: Select all

system('su user', $return_variable);

$dir="script dirrectory path here";

chdir($dir);

system('$dir."/".file.sh');
I hope this can help

Thank You
redmonkey
Forum Regular
Posts: 836
Joined: Thu Dec 18, 2003 3:58 pm

Post by redmonkey »

In order to execute a script you need to have both read and execute permissions (the script is read first then executed). If it's a binary then just execute permissions are required.

When a script is executed any subsequent calls to other scripts/binaries are executed under the user which called the originating script.

You may want to look into using PHP as a CGI with Apache and suexec or alternatively setting the SUID of the script may be a better alternative.
Post Reply